How to disable CrossDeviceResume.exe?

[Deleted member 39026]

Try the first .bat with admin. if that doesnt work try the second one.

it worked for me.

its from Gemini AI

2nd batch worked. but its nothing different than renaming the file.

 

[scaramonga]

...same, and after a while, it still pops up regardless Nothing will get rid of this sh*t, unfortunately.

I'm going to start a 'monitoring' process this week, and let this system run, so I can try and catch whatever is triggering this nonsense, as it is keeping me awake at night now

 

[Anonymous Internet User]

...same, and after a while, it still pops up regardless Nothing will get rid of this sh*t, unfortunately.

I'm going to start a 'monitoring' process this week, and let this system run, so I can try and catch whatever is triggering this nonsense, as it is keeping me awake at night now

I tried this in the past and failed to find what was triggering it. I have vague memories but I think even Garlin didn't know what was responsible for spawning this garbage.

If you do find out, please share. I, and I guess few others too, will be grateful Good luck!

 

[garlin]

SvcHost is spawning CrossDeviceResume.exe, which is why IFEO doesn't work to block execution. Beyond that, I don't have a mobile device attached so I can play around.

 

[PoisonIV]

Hello there, I made this account only to post this.
I'm pretty obsessive about what processes/features can run on my PC, and Resume has been driving me crazy since its release. Turning it off in setting doesn't work, and the recent updates have reinstalled, re-enabled, and hardened Resume (along with other services and scheduled tasks).
I've looked everywhere and tried it all. Editing the Registry rules, using Vivetool, Autoruns, PSTools, blocking the process, deleting the CrossDeviceResume, ACL and IFEO blocks, nothing has worked. Only one solution has worked:

1. Create a restore point, just in case
2. Create a useless executable file (I made mine take any parameter, do nothing and exit), and name it CrossDeviceResume.exe
3. Open PowerShell as admin
4. Copy permissions of real CrossDeviceResume.exe in the "C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_*\" directory to $acl (or file)
   $acl = Get-Acl "C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_*****\CrossDeviceResume.exe"
5. Take ownership and control of the real CrossDeviceResume.exe
   takeown /F "C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_*****\CrossDeviceResume.exe"
icalcs "C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_*****\CrossDeviceResume.exe" Administrators:F
6. Rename the real CrossDeviceResume.exe to whatever
7. Move your fake CrossDeviceResume.exe to "C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_*****\"
8. Set the fake CrossDeviceResume.exe's permissions to the ACL copy
   Set-Acl -Path "C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_*****\CrossDeviceResume.exe" -AclObject $acl
9. Move (or delete) the renamed real CrossDeviceResume.exe

While this isn't the prettiest method, it's the only thing that has worked for me. Please let me know if you have any questions or if there is a very obvious issue I may have missed

Disclaimer: Use at your own risk. Modifying Windows system files can cause unexpected issues and may be undone by future updates.

 

[Anonymous Internet User]

I'm pretty obsessive about what processes/features can run on my PC.

Welcome to the forum

 

[scaramonga]

Interesting.

 

[PoisonIV]

Update. It came back. :'(
I've resorted to setting up a scheduled task that kills it.

 

[scaramonga]

Yeah, it's nasty.

 

[Anonymous Internet User]

Yeah, persistent crap, infuriating.

 

[16309]

If all else fails kludge it. All's fair in love and war.

 

[Anonymous Internet User]

I came across some other "solutions", but none worked:

- several registry and GP edits -> none works
- dummy exe -> works if you also kill Windows Update, might work then
- denying execute permissions (ownership change) -> error on login
- denying execution with AppLocker (Local Security Policy) -> error on login
- killing Connected Devices Platform, I already do that anyway and it doesn't work
- nuking Microsoft headquarters from orbit -> drastic, besides I lack the resources, not sure if anyone else tried
- switching to Linux -> also drastic

Looks like killing it with a script, scheduled task or some utility like Process Lasso is the only way. I like Process Lasso better than startup/login task since it detects and kills tasks on sight even if they spawn later, after login.

 

[Anonymous Internet User]

If all else fails kludge it. All's fair in love and war.

LOL, I used AI for something good:

Spoiler: cartoon

 

[16309]

Try this - Restart Explorer elevated from Power-Run(run as administrator), you will now be logged in as the System "user", do your chosen tweak, logout then login in your normal account.

 

[scaramonga]

Yup, once killed its seems to stay that way until a reboot. Closing lid on laptop in sleep seems fine also. So the 'scheduled task' is the way to kill it on boot for now. Seems to just ignite on a system restart.

That is how I have it now set, so far, so good. Not ideal, but hey-ho.

Make sure to have 'Resume' off in settings also.

On latest LTSC updated to recent 8737 this week, all in VM, of course

It's actually running pretty good, but the thought of running this trash on any of my main systems turns my stomach.

 

[PoisonIV]

This scheduled task has worked without issues for me:
schtasks /create /sc OnLogon /delay 0000:03 /tn "\Microsoft\Windows\Shell\Kill CrossDeviceResume.exe" /tr "taskkill /im CrossDeviceResume.exe /f" /ru SYSTEM /f

I ran the command through PsExec, but it should work through regular Admin PowerShell

 

[alexspecht]

This scheduled task has worked without issues for me:
schtasks /create /sc OnLogon /delay 0000:03 /tn "\Microsoft\Windows\Shell\Kill CrossDeviceResume.exe" /tr "taskkill /im CrossDeviceResume.exe /f" /ru SYSTEM /f

I ran the command through PsExec, but it should work through regular Admin PowerShell

That should work good. I tried renaming it and taking ownership etc. but Id get annoying error on login every time, also SFC /Scannow reverted it. The task scheduler on login (above) should work better.

This program is stupid: crossdeviceresume.exe If MS wanted to make something usefull for the phone they would do a mirroring app like scrcpy
which I DO use nearly every session.

Thanks for this forum. this is my first day

 

[Anonymous Internet User]

That should work good. I tried renaming it and taking ownership etc. but Id get annoying error on login every time, also SFC /Scannow reverted it. The task scheduler on login (above) should work better.

This program is stupid: crossdeviceresume.exe If MS wanted to make something usefull for the phone they would do a mirroring app like scrcpy
which I DO use nearly every session.

Thanks for this forum. this is my first day

Welcome to the forum!

Yes, renaming, removing, blocking or changing permissions doesn't work. The cleanest way is to terminate it and it usually doesn't come back until reboot.

If you happen to own a license for Process Lasso, you can use its Disallowed Processes feature to kill unwanted processes on sight. It's good because it will kill processes whenever they spawn over again. This is what I do.

There are some free apps on the web that claim to kill processes on sight but most seam like junk or even malware. This is the only one that appears to be legit, but it hasn't been updated in 4 years and I had mixed results with it: ProcessKiller, sometimes it would just stop terminating processes.