Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Why does Win7 frequently try to access Akamai servers through svchost?

23 Jan 2017   #1
VeganCaramel

Quad boot: XP-32-Pro, 7-32-Ult, 7-64-Ult, Ubuntu-64
 
 
Why does Win7 frequently try to access Akamai servers through svchost?

Win 7 frequently tries to access Akamai servers through svchost.
Win XP never tries to do this.
Anyone know what M$ added to Win 7 that's trying to access these servers?

Notes:
- Win 7 does this even after a fresh install with no other software installed.
- Don't need any guesses. I have a whole list of guesses from googling. I'm wondering if anyone knows what Windows is actually doing.
- I'm using Win 7 Ultimate x64, super lean; no bells & whistles active; all non-mandatory services disabled, including Windows Update.

SOLVED:
Two Windows services, CryptSvc and NlaSvc, were trying to contact Akamai servers via svchost.
After monitoring their traffic, it appears CryptSvc may have been engaging in CRL activities and NlaSvc may have been engaging in NCSI activities. Much of the traffic was, understandably, not easily decipherable so I can't pass judgement on whether or not the communications were entirely innocent/harmless. Elsewhere in this thread, I've posted the results of the monitoring if you want to have a look.
Disabling CRL checking and Active Probing put an end to the Akamai server contact attempts. I posted more details and instructions elsewhere in this thread.


My System SpecsSystem Spec
.
23 Jan 2017   #2
Callender

Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
 
 

My System SpecsSystem Spec
23 Jan 2017   #3
VeganCaramel

Quad boot: XP-32-Pro, 7-32-Ult, 7-64-Ult, Ubuntu-64
 
 

Thanks for the links.
I had never come across DnsEye. I'm sure I'll find it quite useful.
I have the Windows Update service completely disabled so I certainly hope Win 7 isn't still attempting to contact update servers.
Here are some of the Akamai IP's svchost has tried to connect to.
Code:
184.25.56.98
104.99.238.11
23.62.239.25
173.223.52.193
23.216.10.201
63.217.21.26
2.16.4.178
184.51.0.250
184.28.188.193
23.209.179.27
104.93.82.19
104.93.82.11
This is all I got when attempting a tracert on one of them:


Attached Images
Why does Win7 frequently try to access Akamai servers through svchost?-tracert.png 
My System SpecsSystem Spec
.

23 Jan 2017   #4
Callender

Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
 
 

Tracert is run via Elevated Command Propmt - not DNS Eye. Your DNS Eye screenshot shows reverse DNS lookups for those two ip addresses.

RE: "Here are some of the Akamai IP's svchost has tried to connect to"

On my machine ii only tries to connect to one Local Akami server when Windows Updates checks/ downloads are running.

Maybe you have MS Office Suite or other additinal MS Products installed that check for updates? I don't have any additional MS software on my machine so cannot say for sure if this is the case.

Check services running under svchost.

Svchost Process Analyzer - a svchost.exe file checker
My System SpecsSystem Spec
23 Jan 2017   #5
VeganCaramel

Quad boot: XP-32-Pro, 7-32-Ult, 7-64-Ult, Ubuntu-64
 
 

Quote:
Tracert is run via Elevated Command Propmt - not DNS Eye
.
Yeah, that screen cap is of what DnsEye displayed when I ran the Tracert on one of the above-listed Akamai IP's via elevated command prompt.

Quote:
Maybe you have MS Office Suite or other additinal MS Products installed that check for updates?
No, but thanks for reminding me about SvchostAnalyzer.
I had planned to use it a while back for this very purpose but completely forgot about it. Nothing unexpected running right now but I'll be sure to fire it up the next time svchost tries to connect to an Akamai server.
My System SpecsSystem Spec
23 Jan 2017   #6
Callender

Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
 
 

You could try setting windows updates settings to "never check for updates" for a couple of days and if you don't get any connections then you can rule out anything else.
My System SpecsSystem Spec
23 Jan 2017   #7
samuria

win 8 32 bit
 
 

It's considered as malware it's a p2p program which is used for streaming getting the file from lots of places problem is it keeps using your bandwidth to feed other people remove it from the system it's not part of Windows
My System SpecsSystem Spec
23 Jan 2017   #8
VeganCaramel

Quad boot: XP-32-Pro, 7-32-Ult, 7-64-Ult, Ubuntu-64
 
 

Quote:
You could try setting windows updates settings to "never check for updates"
That's what it's always set to, plus the service is disabled via services.msc
I only allow it to be enabled for a short period after I install the OS then it stays disabled.
My System SpecsSystem Spec
23 Jan 2017   #9
Callender

Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
 
 

You can try netstat logging. I use EssentialNetTools with logging enabled. Anyway I've just seen the same thing on my machine:

PID 980
Why does Win7 frequently try to access Akamai servers through svchost?-essential-nettools.jpg
Connects to Akamai Server but only briefly
Why does Win7 frequently try to access Akamai servers through svchost?-ipnetinfo.jpg
Something running under one of these services is responsible
Why does Win7 frequently try to access Akamai servers through svchost?-svchost-process-analyzer.jpg
That's as far as I get at the moment.


My System SpecsSystem Spec
23 Jan 2017   #10
Callender

Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
 
 

Okay rule out Nlasvc. I've already applied this setting on my machine some time ago. Just checked.

What do Microsoft and NCSI have in common? - TechRepublic

That leaves the other two.

I give up for today. Might do more research tomorrow. Let me know if you track it down.
My System SpecsSystem Spec
Reply

 Why does Win7 frequently try to access Akamai servers through svchost?




Thread Tools




Similar help and support threads
Thread Forum
svchost (netsvcs) download from Akamai - What is initiating?
Platform: Windows 7 Home Premium 64 bit, ASUS K52F laptop Note: I have posted this on 2 other forums & did not receive a solution so I am posting it here. Hope that is okay. I have observed extensive downloads (using the NetMeter gadget) averaging 400-600kbps for up to 10 minutes from Akamai....
Network & Sharing
svchost.exe using almost all available random access memory after boot
Hello, I will start by describing the problem: Whenever I start up this laptop, usually after opening Firefox I find that it keeps freezing by even hovering the mouse cursor over links, or UI elements. It turns out that the problem is an "svchost.exe" process that takes up to 800MB of my ram (out...
General Discussion
Digital River Win7 ISO servers taken down again
I heard about this just now in Clean Reinstall Windows 7 thread: As Jann from Heidoc reports in Windows 7 Direct Download Links as of now only English and Spanish are still up, links being replaced by a new MS Recovery Center that provides ISO's for a retail Product Key. I'd also...
General Discussion
Problem - Network Access - Can't map drives, can't see any servers
I've got a ThinkPad x220 here and randomly started having issues accessing the network (mapped drives and printers). The computer can still access our Intranet (Sharepoint) and Exchange Server (Outlook says connected and we can send/receive) I tried disconnecting the drives and reconnecting,...
Network & Sharing
2 COD 4 Servers for those with Win7 64
I have 2 COD4 Server located @ 208.43.15.45:28930(-=IT=-) and the other at 208.43.23.172:28930(ROC-Realm Of Chaos) These are Linux (cent OS) servers, low ping :cool: I modified the pb_sv_Restriction to read like this: pb_sv_Restrictions 0 So that Win7 64 bit users can get on with...
Gaming


Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 07:15.
Twitter Facebook Google+ Seven Forums iOS App Seven Forums Android App