New
#1
Why does Win7 frequently try to access Akamai servers through svchost?
Win 7 frequently tries to access Akamai servers through svchost.
Win XP never tries to do this.
Anyone know what M$ added to Win 7 that's trying to access these servers?
Notes:
- Win 7 does this even after a fresh install with no other software installed.
- Don't need any guesses. I have a whole list of guesses from googling. I'm wondering if anyone knows what Windows is actually doing.
- I'm using Win 7 Ultimate x64, super lean; no bells & whistles active; all non-mandatory services disabled, including Windows Update.
SOLVED:
Two Windows services, CryptSvc and NlaSvc, were trying to contact Akamai servers via svchost.
After monitoring their traffic, it appears CryptSvc may have been engaging in CRL activities and NlaSvc may have been engaging in NCSI activities. Much of the traffic was, understandably, not easily decipherable so I can't pass judgement on whether or not the communications were entirely innocent/harmless. Elsewhere in this thread, I've posted the results of the monitoring if you want to have a look.
Disabling CRL checking and Active Probing put an end to the Akamai server contact attempts. I posted more details and instructions elsewhere in this thread.
Last edited by VeganCaramel; 28 Jan 2017 at 02:09.