svchost (netsvcs) download from Akamai - What is initiating?


  1. Posts : 13
    Windows 7 Home Premium 64bit
       #1

    svchost (netsvcs) download from Akamai - What is initiating?


    Platform: Windows 7 Home Premium 64 bit, ASUS K52F laptop

    Note: I have posted this on 2 other forums & did not receive a solution so I am posting it here. Hope that is okay.

    I have observed extensive downloads (using the NetMeter gadget) averaging 400-600kbps for up to 10 minutes from Akamai. This happens every time I reboot and log into my laptop. I would appreciate if someone would explain what is happening.

    I would like to determine exactly which software on my laptop is initiating this download from Akamai.

    Note that I do not have any data in the cloud so this should not be a sync event.

    Here is the process I followed to track this download:
    (1) Used Windows ResourceMonitor to see the process PID that was downloading from the Internet. ResourceMonitor displayed "svchost (netsvcs)" as the process involved in the download.
    (2) Used ProcessMonitor to display the process tree for the svchost process in question. See the attached "Appinfo Svchost process tree.jpg" for details.
    (3) Used CPorts.exe to trace the process PID to a specific URL from which the process is downloading, then traced the IP in Who.Is to see that the site is Akamai. See the attached "Download process & remote address.jpg" for details.
    (4) In ProcessMonitor if I kill the specific process, the download immediately stops. This is confirmation that I am looking at the culprit PID.

    Note that I have scanned my laptop with the following & nothing was found: AdwCleaner, Avira, Malwarebytes, Stinger, SuperAntiSpyware, Windows Defender, TDSSKiller, Gmer, Junk Removal Tool, Rkill, RogueKiller. I also used SFC to check integrity of Windows libraries - all ok.

    I understand that Akamai is a CDN. However the download does seem to be extensive (although I do not have specific numbers as to exactly how much is downloaded).

    ==> How do I determine exactly which software on my laptop is initiating this download & what is being downloaded from Akamai?

    Thank you.
    Attached Thumbnails Attached Thumbnails svchost (netsvcs) download from Akamai - What is initiating?-appinfo-svchost-process-tree.jpg   svchost (netsvcs) download from Akamai - What is initiating?-download-process-remote-address.jpg  
      My Computer


  2. Posts : 1,049
    Windows 7 Pro 32
       #2

    I think the next step would be to try software like Microsoft Network Monitor or it's newer replacement Microsoft Message Analyzer. Or Wireshark. But I've tried that myself and I'd say it's impossible to fully understand what and why the OS itself is connecting and downloading, especially when it's from Akamai and similar.
    Meet the successor to Microsoft Network Monitor! - MessageAnalyzer - Site Home - TechNet Blogs
    But I hope a network expert can stop by and help out more.
      My Computer


  3. Posts : 4,776
    Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
       #3

    Old thread but the answer is that it's an Akamai operated server that Microsoft uses to distribute Windows Updates from. There are Akamai servers all over the world. Here's a recent trace from my machine:

    svchost (netsvcs) download from Akamai - What is initiating?-tracert.jpg

    So when I check for and download windows updates they arrive from a server here in London UK.

    Akamai provides download services to third parties, including Microsoft. Both Windows Update and WSUS seem to download content from Akamai rather than directly from Microsoft. Akamai has many servers and can figure out which ones are closest to you resulting in much higher download speeds.
      My Computer


 

  Related Discussions
Our Sites
Site Links
About Us
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 18:24.
Find Us