• SRU and SRUDB

    #2348177

    I’ve a few irritating problems with programs stopping working suddenly.  Old programs so perhaps that isn’t relevant.

    Scanning log files, there is one called SRU.log which is updated after the failure.  It is located in c:\windows\system32\sru\  and that directory includes 10 files occupying 64 mb of space, almost all of which is srudb.dat.

    Oddly my quick search is quite unrevealing on what “SRU” actually is.  I would guess it is not anything to do with sulphur recovery unit….

    Doesn’t seem likely but could it have anything to do with old programs freezing  (“Eudora is unresponsive…”)?

    Any idea what this is?

     

    • #2348178

      Win10forums has a query about the SRUjet throwing up errors which seems to provide a resolution.

      If debian is good enough for NASA...
    • #2348179

      I think it’s a symptom rather than a cause, as SRUDB is a database related to Diagnostics Policy Service: What is SRUJet?

    • #2552454

      I’ve noticed something similar, just now found 8 GB of data in a personal Documents folder. The data is from a file named “16_04_2023_09_18_24.sdb”, all dated as DD_MM_YYYY_HH_MM.sdb going back as far as March of this year. I’m unsure what this is associated with other than it being a database file.

      I’ve opened the sdb database file and it points to SYSTEM\SRU among multiple other questionable entries in the sdb file indexing etl and sessions. Additionally, a string in the sdb file, “DeviceName=”\Device\HarddiskVolume3\Windows\System32\SleepStudy\user-not-present-trace-2023-04-16-08-30-14.etl””, among others, makes it quite questionable what the sdb file is associated with. Especially when the sdb file resides within a directory which I personally created.

      Also searching the SRU*.log file displays that the information is encrypted, so I am unable to view its contents.

      This information seems to have begun around the same time my system began to slow down. Unsure if related.

       

      C M …qòABÄÉŠGLýABÄÉŠG®C:\Users\’username’\Downloads\Documents

       

      The above blockquote is displayed about 1/4 the way down the sdb header.

       

      The sru files that you’re seeing are 64 kb each on my end.

    • #2552474

      Since writing my reply there have been six more ‘DD_MM_YYYY_HH_MM.sdb’ files of 20-22 MB written to the directory.

      Whatever is running this makes the laptop almost unresponsive but useable. In the meantime, I stopped the Diagnostics Policy Service, which I always believed runs all the time. After stopping the service, the system is more responsive but still sluggish. Whether this will halt the creation of ‘DD_MM_YYYY_HH_MM.sdb’ written to the directory is unknown.

       

      I can only suspect this is something I set up, since these files are saved directly in a user created subdirectory. I recall setting up Audit Process Creation and Detailed tracking within Group Policy Editor, but these policies are disabled and those events would be displayed within Event Viewer.


      I am stuck.

    • #2552586

      The resolution of my issue might not be pertinent to your situation. I observed references to the “sru” directory in numerous lines within my “sdb” files. However, upon further examination, I identified “block/allow” and “flag” tags within these files. This led me to investigate security software, whereupon I discovered that the “sdb” files were, in fact, logs generated by Comodo. I had enabled this feature in the preceding month but had forgotten about it. It would have been beneficial if the Comodo developers had included an indication in the file header that these “sdb” files were generated by their software.

      Enabling logging significantly impeded my system’s performance, rendering it sluggish yet operational. In retrospect, I find it somewhat disconcerting that I failed to recognize the origin of these files, as I should have been aware of the application generating them. I feel silly.

      2 users thanked author for this post.
    • #2553976

      I see that I too have Comodo installed – I have no recollection of installing the program but it was apparently back in 2020 so I may just have forgotten.  I shall try removing the program using the company’s utility  (it does not show up in my Revo list of programs)…

      https://forums.comodo.com/t/official-comodo-uninstaller-v3-2-0-82-released/314767

       

       

    • #2585431

      Having uninstalled Comodo about 4 months ago I searched my system again and I find no sru.log files at all.

      I think I can conclude that this indeed was the program producing the files!
