Remediation Service: Windows 10’s Dirty Secret

I don’t use Windows often. Much of my time is spent in Arch Linux except on the rare occasion I have an interest in doing something that requires Windows (typically gaming or Reason). Imagine my surprise when I booted in Windows about a week or two ago and started noticing a series of processes consuming a significant amount of disk bandwidth and appearing to scan the entirety of a) installed applications and b) everything in my user profile directory.

It turns out that sometime late last year (November 2018, possibly earlier), Microsoft released a series of patches for “reliability improvements” which include the “remediation service” that performs a few interesting tasks. Notably, this includes a service that “may compress files in your user profile directory to help free up enough disk space to install important updates.” If you’ve seen sedlauncher.exe in Windows Resource Monitor, it belongs to the remediation service and is the tool designed to scan your user profile directory, presumably for files that may be candidates for compression.

sedlauncher.exe’s malware-like behavior stems from the fact that a) it isn’t strictly launched when Windows Update requires additional space and b) it performs a thorough scan of everything in the user profile directories (pidgin chat logs, pictures, media, desktop files–everything). I assume this is because it is collating a list of files it would compress in the event Windows Update runs out of space based on some heuristic, but what perplexes me is that it is impossible to tell precisely how well a file will compress until the file is actually compressed. Yes, there are a few heuristics you could apply (it is a file type known to compress well) but these don’t always hold true: Imagine a virtual machine image that contains a large number of compressed archives. VM images do compress well, generally, but only because the contents of the image aren’t typically compressed. But this also presents the question: Why scan for compression targets when there’s already plenty of disk space available to Windows Update? What exactly is this tool doing?

Most guides online direct visitors to one of two solutions: Remove the applicable updates or disable the Windows Remediation Service. The former isn’t a sustainable solution, because the updates will eventually be applied or because Windows’ stellar history of absolutely no security flaws (sarcasm) strongly suggests skipping updates isn’t wise. Curiously, the latter option–that is, disabling the culprit service–appears to be a foolhardy solution as well, because sedlauncher.exe returns, diligently, to its previous state of scanning everything it can access. It’s likely Windows Remediation Service scanners are launched via the task scheduler, but I’ve yet to find exactly where or how.

There is one particular solution that might work. Unlike most other core Windows tools, sedlauncher.exe is not contained in the Windows root. Instead, it resides under C:\Program Files\rempl. This rather bizarre choice suggests Microsoft has a keen interest in packaging this tool separately for other operating systems or wishes to disguise it as an installed application to keep it from prying eyes. You decide.

I’ve found renaming sedlauncher.exe to something else appears to work as a temporary solution (but only temporary) with the appropriate caveats applied (exercise caution as this may break things). I expect it to be reinstalled with a future update, but for now it won’t be scanning my profile directory for files to assault. Whether this works in your case (or not) is left as an exercise to the reader, but be aware this may break other parts of Windows Update. I have no idea how deep the tendrils of this telemetry run into the dark recesses of Windows 10.
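The open question above, what actually launches sedlauncher.exe, can be checked with a read-only audit. This is an added example, not something from the original post: it looks for scheduled tasks and services that reference the C:\Program Files\rempl directory named above, checks the binary's signature, and reports the parent of any running instance. It assumes an elevated PowerShell session so that all tasks are visible, and makes no claim about what it will find on a given machine.

```powershell
# Added example: read-only audit, nothing on the system is changed.
# The directory and binary name are the ones given in the post.
$remplDir = 'C:\Program Files\rempl'
$binary   = 'sedlauncher.exe'
$pattern  = '(?i)\\rempl\\|sedlauncher'

# 1. Scheduled tasks whose action command line points at the rempl directory.
$tasks = Get-ScheduledTask | ForEach-Object {
    $task = $_
    foreach ($action in $task.Actions) {
        # Only exec actions carry Execute/Arguments; COM handler actions
        # yield an empty string here and never match.
        $cmd = "$($action.Execute) $($action.Arguments)".Trim()
        if ($cmd -match $pattern) {
            $info = $task | Get-ScheduledTaskInfo -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Task    = $task.TaskPath + $task.TaskName
                State   = $task.State
                Command = $cmd
                LastRun = $info.LastRunTime
                NextRun = $info.NextRunTime
            }
        }
    }
}

# 2. Services whose image path points into the same directory.
$services = Get-CimInstance Win32_Service |
    Where-Object { $_.PathName -match $pattern } |
    Select-Object Name, DisplayName, State, StartMode, PathName

# 3. Authenticode signature of the binary, if it is present.
$exe = Join-Path $remplDir $binary
$signature = if (Test-Path -LiteralPath $exe) {
    Get-AuthenticodeSignature -LiteralPath $exe |
        Select-Object Status, @{ n = 'Signer'; e = { $_.SignerCertificate.Subject } }
}

# 4. Any running instance, with the process that started it.
$running = Get-CimInstance Win32_Process -Filter "Name = '$binary'" | ForEach-Object {
    $parent = Get-CimInstance Win32_Process -Filter "ProcessId = $($_.ParentProcessId)"
    [pscustomobject]@{ Pid = $_.ProcessId; Parent = $parent.Name; CommandLine = $_.CommandLine }
}

$tasks, $services, $signature, $running | ForEach-Object { $_ | Format-List }
```

A task that shows up in step 1 can then be inspected in Task Scheduler to see its triggers, which explains when the scan runs.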


Windows 7 Maxing Out RAM?

Yeah, I thought it was a bit ridiculous, too.

I was reading this piece on Slashdot a couple of days ago, slightly infuriated, because I’ve actually had very few issues running Windows 7–with some exceptions. I’m glad that Ars Technica has come out to set the record straight.


Turns out that there’s some speculation the individual who brought the memory issues to the forefront is a fraud.

Anyway, look forward to seeing another link of the week in a few days. I’ve been getting caught up with a couple of things, including a personal project in my free time that might be of interest (more on that in another post). Actually, I have several; there’s one in particular that I’ve found rather captivating. Stay tuned! If I get around to it, I’ll post a little tomorrow.


Annoyances: Windows 7 DVD/CD Tray Ejection

I discovered earlier this week that Windows 7 has another annoying holdover from Windows Vista. It turns out that if you have a CD or DVD burner, Windows will conveniently eject the tray for you if you double-click the drive from Windows Explorer (or single click it from the file save/open dialog).

That’s a great idea EXCEPT when you have a case like this one. (Mine’s an older Sonata but the same situation applies.) Let’s think about it: Ejecting the tray when there’s a lid outside the drive that operates to keep it closed. Thank goodness I didn’t damage anything.

Thankfully, there’s a solution. It’s not a great solution. They don’t have an obvious “uncheck this to prevent Windows from stupidly ejecting your drive during accidental clicks.” Instead, you have to disable and remove burning features from Windows Explorer using the group policy editor (gpedit.msc).

TLDR version/I don’t like clicking links:

To disable ejecting your CD tray after an accidental click, enter gpedit.msc into the run menu or the start menu’s search bar and then browse to: User Configuration -> Administrative Templates -> Windows Components -> and click on Windows Explorer. From here, set Remove CD Burning Features to Enabled.