Windows 10: What are Rempl.exe, Remsh.exe, WaaSMedic.exe?

[German]Users who inspect Windows 10 may come across the Windows subfolder REMPL and files like Rempl.exe, Remsh.exe, WaaSMedic.exe, Sedlauncher.exe etc. What are these files for?


Advertising


Reliability update KB4023057 for Windows 10

On November 15, 2018, Microsoft has updated and released its KB4023057 reliability update for Windows 10 (versions 1507 through 1803). I mentioned this within my blog post Patchday Windows 10-Updates (November 13, 2018). Microsoft writes about the update:

This update includes reliability improvements to Windows Update Service components in Windows 10, versions 1507, 1511, 1607, 1703, 1709, and 1803. It may also take steps to free up disk space on your device if you do not have enough disk space to install Windows updates.

This update includes files and resources that address issues that affect the update processes in Windows 10 that may prevent important Windows updates from being installed. These improvements help make sure that updates are installed seamlessly on your device, and they help improve the reliability and security of devices that are running Windows 10.

Sounds quite harmless, the update will improve the stability and reliability of the mentioned Windows 10 versions so that they can upgrade to Windows 10 V1809. Microsoft writes about the features:

  • This update may try to reset network settings if problems are detected, and it will clean up registry keys that may be preventing updates from being installed successfully.
  • This update may repair disabled or corrupted Windows operating system components that determine the applicability of updates to your version of Windows 10.
  • This update may compress files in your user profile directory to help free up enough disk space to install important updates.
  • This update may reset the Windows Update database to repair the problems that could prevent updates from installing successfully. Therefore, you may see that your Windows Update history was cleared.

The update therefore intervenes very deeply in the system during installation, compresses files to make free space if necessary, and repairs settings that prevent an upgrade via Windows Update. If you look at the list of files, you will see the following names:

  • Luadgmgt.dll
  • Sedlauncher.exe
  • Sedplugins.dll
  • Sedsvc.exe

I had written something about these files in the blog post Windows 10: Update KB4023057 released (Sept. 6, 2018). The article Windows 10: What is REMSH.exe for? explains REMSH.exe. But that file will be replaced by Sedlauncher.exe.

More details

MVP colleague Vishal Gupta from askvg.com also noticed files like Sedsvc.exe, Sedlauncher.exe, Rempl.exe, Remsh.exe and WaaSMedic.exe in the REMPL folder.


Advertising

What are Sedsvc.exe, Sedlauncher.exe, Rempl.exe, Remsh.exe and WaaSMedic.exe Files Present in REMPL Folder in #Windows10 https://t.co/kWItVudCDA

— Vishal Gupta (@VishalGuptaMVP) 20. November 2018

Within this blog post he wrote, that he noticed that the two program files:

  • sedsvc.exe
  • sedlauncher.exe

tried to connect with the Internet. However, the firewall prevented this. In the Task Manager he noticed sedsvc (image below), under which the Windows Remediation Service runs.

Sedsvc.exe
(Source)

The files were digitally signed by Microsoft, so that it could not be malware. In the folder REMPL he found the following files on his Windows 10 system:

  • Logs
  • CTAC.json
  • disktoast.exe
  • osrrb.exe
  • rempl.xml
  • sedlauncher.exe
  • sedplugins.dll
  • sedsvc.exe
  • ServiceStackHardening.Inf
  • strgsnsaddons.dll
  • toastlogo.png

Some of these files have already been discussed above – explanations can be found in the linked articles. There is the file ServiceStackHardening.inf, which stands for reliability measures for services (probably update service). Files with names like strgsnsaddons.dll are probably auxiliary files for the update improvement. So the files must have come on the machine in connection with the above mentioned update. The purpose is to remove the update blockade for the next higher Windows 10 version.


Advertising


This entry was posted in Windows and tagged . Bookmark the permalink.

1 Response to Windows 10: What are Rempl.exe, Remsh.exe, WaaSMedic.exe?

  1. michael says:

    On a related note, see
    Defending against Windows 10 bug fixes
    https://www.michaelhorowitz.com/Defending.against.Windows10.patches.Oct.2018.php
    Especially the topic:
    A FULL FRONTAL ATTACK ON WINDOWS UPDATE

Leave a Reply

Your email address will not be published. Required fields are marked *