Will the harvesting of information, and data mining become the future of R.I.?


*Note: In addition to the article posted below, to understand more about Akamai Technologies, please also see https://mpql.net/projects/akamai-kneecap-buster

Microsoft Community

Stop Akamai Technologies from downloading

Ross Headifen asked:
My wife’s computer furiously downloads data from Akamai Technologies whenever it is connected to the internet. This slows down the machine, fills it up with a lot of MB that I can’t tell go where. We are also paying for download traffic so it costs us a small fortune every time we connect to the internet. Web searches show Akamai tech is not a virus. Lots of people ask about how to stop it but no one answers the question.
We have Windows Update turned off, only alert for new updates. No other updates are on either. We don’t do much with the web apart from email and a few webpages for travel planning etc. So I can’t see why Akamai is trying to download so much. It downloads all the time and there seems to be no end of the download in sight. Will this go on forever? My own computer does not have this problem at all and they are both the same age, running Vista. There must be a way to control this. Any help appreciated.
The firewall should stop this I would have thought, but NO. We run ZoneAlarm Pro too and it doesn’t pick up this incoming traffic either.
The traffic is coming in through SCVHost.exe Process 1200 and in there it lists the IP address of Akamai Technologies. But that changes too with different log on sessions.
There must be a way to control this?
Thanks Ross
26 people had this question

Answer

Don Varnau replied:
MVP
Community Moderator
Hi,
Your antivirus program or security suite *should* have automatic updates enabled. It’s very important that virus/malware definitions be kept current.
A program on your computer is requesting content which Akamai servers are delivering. Determine which program is requesting the content.
– – –
Start Internet Explorer without add-ons by right-clicking the IE icon on the desktop. Choose Start without add-ons.
or
from Start> Programs> Accessories> System tools> Internet Explorer (no add-ons)
If the traffic stops, a browser add-on is responsible.

For troubleshooting information see:
IEBlog  Troubleshooting and Internet Explorer’s (No Add-ons) Mode:
http://blogs.msdn.com/ie/archive/2006/07/25/678113.aspx

– – –
From Start> Run, type in msconfig then hit Enter. Go to the Startup tab. Examine programs that are loading at startup to see if one of them is causing this traffic by updating or through some other process.
– – –
When you see the Akamai traffic, open Task Manager via Ctrl-Alt-Delete. Look at the Applications tab, then the Processes tab. Examine those applications and processes. Could one of them be causing the traffic?
– – –
Fiddler2 (freeware) from http://www.fiddler2.com should be able to identify the program which is requesting content from Akamai servers. There’s a bit of a learning curve, but the program is not terribly difficult to use.
– – –
More on Akamai:
http://www.akamai.com/html/about/index.html
http://en.wikipedia.org/wiki/Akamai_Technologies
Hope this helps,
Don
5 people found this helpful

All replies (9)

nimrt6 replied:
I’ve had similar difficulties with “Akamai Technologies” interfering with my bandwidth and slowing down my computer so that I could not read emails, surf the web, etc. Looking into Akamai and some of what they do was surprising. One article I read indicated they also provide information to the National Security Agency. Harvesting of information, data mining has been in the news a lot lately. Invasion of privacy is a concern of mine. George Orwell’s book 1984 was an eye opener for me in high school. Big Brother looking over the shoulders of United States citizens have a valid concern with Terrorists, 911, etc. However, I wonder how far will it go, how much is too much.

Nick Martin

5 people found this helpful

LeeC2202 replied:
Akamai has close ties with Microsoft themselves. When you download the Win 8.1 Enterprise evaluation, you are forced to install the Akamai Netsession Interface Client to manage the download. What they don’t tell you is that when the download is finished, this client is not removed. I consider that a serious breach of privacy, by not disclosing a programme that is going to remain resident and active on your computer.
I have just been monitoring network packets on my PC, and several connections have been attempted to Akamai IP addresses. Why would a piece of software that is installed to manage a download, need to remain on your PC after it has finished?
Check user/appdata/local for an Akamai related folder, or check your add/remove programmes for an Akamai entry.
4 people found this helpful

JTFuhler replied:
Although Akamai is used by Microsoft, it is a “big data” warehouse used by more than 2,800 other Akamai customers. They are a for-profit content delivery network for many companies, including those who profit off of your information. Because of this, Akamai is an indirect threat to release of your personal information including browsing habits and identity information. Do what you need to do to protect yourself and your family.
JTFuhler
7 people found this helpful

OpBrokenCloud replied:
Insider
<Removed- CoC violation> he said the file explorer. ProcessHacker also catches this, as well as Wireshark.
An outbound firewall block on explorer.exe will not work. Akamai, as the biggest cookie monster, knows how to escape with edge service, aka use DNS protocol as a guaranteed outbound. If you notice, Windows Firewall is keen on the ability to block inbound edge traversal. Yippee. Also, I have an extensive IP range list for Akamai, and if any of the blocks work, they usually strip website access. Most register Akamai as NSA part deux. Because the private SMB market will take over and destroy Wall Street, right? Okay.
Tell the CEO of Microsoft to stop acting like he knows what security procedure is.
2 people found this helpful

OpBrokenCloud replied:
Insider
//NO: REAL ANSWER :: SMOKING GUN WITH DETAILED ANALYSIS
//QUICK SOLUTION (THE ONLY ONE SO FAR)
Add an outbound rule in Windows Firewall to block explorer.exe with all network profiles.
//EARLY SUMMARY
Essentially, the explorer core is responsible, regardless of the file browser. It is aware of connectivity, and it is unacceptable by any privacy advocate’s or security analyst’s ethical standards. I have ruled out all obvious services, blocked Live tiles/Metro apps/Store, and everything else uses svchost or its own daemon. I am not some grand master, but if there is a service that can invoke explorer, such as the network connection apps themselves, then that has been kept a dark secret. I’ve stripped down the OS as far as I can go without hindering my own productivity, and it still happens. Microsoft cannot justify some “keep-alive” outbound to a third party by the core OS app.
//READ BELOW FOR MY PROCESS
You will find the pattern and behavior analysis important in my determination. I test whether the file browser open matters and Windows Defender. Windows Updating has its own service and Ad-Hoc Hosted Networking or virtual adapters do not affect the situation. Not described here: how I shut down and block Windows Store and the Live Tiles, and Office-To-Go/OneNotes. It does not matter but I isolate traffic this way. Finally, file sharing and network discovery had no impact on explorer behavior… switching to your Public profile will not block it.
//Explorer.exe Outbound Analysis
Now that other services have been handled, Live apps and Store shutdown, updates manual, I can review explorer.exe and why it goes outbound to Akamai, unhidden by a svchost.exe obfuscation. BTW, I seriously locked down the firewall, disabling the allowances for any Windows service I do not use. That did not matter, apparently.
In the firewall outbound block, I noticed domain and public profiles were checked but not private, so I went ahead and checked that. As a matter of fact, I had been in private profile rather than the safe public profile while connected. I set the public profile to not allow filesharing for my recently built hosted network/ad-hoc device connection. I doubt that is related, and the hostednetwork was stopped with no available file shares. Now, I have to pay attention to every action while connected, internet browser open or not, trying to replicate what I did the other night…
//Attempt 1: Replicating the Situation [2000hours Wed 13 May 2015]
explorer.exe a23-45-37-209.deploy.static.akamaitechnologies.com out on TCP port 80 @ ~2030hours for 2 or 3 minutes
my firewall explorer.exe outbound block turned off, file explorer open and minimized for bait
ProcessHacker on, Wireshark off; nothing in Task Scheduler for the evenings
Livecomm.exe, WWAHost.exe, Runtime Broker all outbound blocked; WSAHost.exe renamed and the Store is non-functional
I switched back into private profile with file sharing turned on
Firefox open to Bing search, Microsoft Community forum, 2 Akamai End-User FAQs, and Comodo user forum
After several Akamai cookie threads outbound, reduced to an explorer.exe outbound arbitrarily, without opening other apps.
No svchost.exe established associations going outbound, just Firefox and relevant cookies.
Comodo forum explains the reasoning off to digital signatures… no, fake response
The Comodo cookie comes back to refresh, the explorer.exe outbounds again to the same address @ ~2046hours for ~3minutes
Again, no other outbounds and the usual 2 Firefox local ports open for business; dnscache unrelated with other connects
Firefox on Google WebKit Engine has 1e100.net hard-coded into the browser, pops up but goes away, also unrelated
dasHost.exe is available when hosted networking(ad-hoc) is setup(not running) (I have no shares), maybe unrelated but implicated
I reload the Akamai End-User FAQ site, cookies abound and explorer.exe pops up again, I kill the connection in ProcessHacker
that was at 2058hours
I clean out the cookies and reload the tabs; I want to try and establish that browser activity is associated with explorer outbound
Bing Search is exclusively msedge.net servers
no mas, so I empty cookies and history stuff, re-open Firefox and tabs, all cookies blazing and they eventually fade
If I can do this again and kill Firefox with an explorer in progress, I could see if that also kills the explorer connect
I reopen my Pioneer Rekordbox Media Player and see explorer is up @2130hours
– Rekordbox Windows Firewall verify to allow in private profile; first time explorer shows with this verify; maybe unrelated
I close Rekordbox and Firefox, explorer remains connected for its 2-3 minutes
Still can not establish a behavioral standard, or timing, and refuse to dig through cookie variables; will try different combos and no Firefox tomorrow
Just before ending the day, explorer open, firefox and Rekordbox closed, it pops up
explorer.exe (2572), xxxxxxx.attlocal.net, 54304, a23-36-86-135.deploy.static.akamaitechnologies.com, 80, TCP, Established,
@2146hours
so, two solid explorer pattern sets, each out ~15min apart, the sets are an hour block apart; seems independent of browser activity
//Attempt 2: No Firefox or Apps Open [Thursday 14 May 2015]
I noticed in ProcessHacker right away, a short explorer outbound to Akamai for ~2sec [0932hours]
dasHost opens on network connection
No Firefox or media players open, just file explorer, notepad and ProcessHacker
Sure enough, outbound at [0947hours] the first 15min set; while the initial was a split second send, this was the usual 2min
explorer.exe (3172), xxxxxxx.attlocal.net, 54329, a23-78-241-168.deploy.static.akamaitechnologies.com, 80, TCP, Established,
Now, if I guessed right, another set an hour apart, starting at 1032hours…
[1002hours] explorer.exe (3172), xxxxxxxx.attlocal.net, 54331, a23-78-241-168.deploy.static.akamaitechnologies.com, 80, TCP, Established,
So an initial “hey I’m here” then the first 15min set for 2min each duration.
[1032hours] explorer.exe (3172), xxxxxxxxx.attlocal.net, 54332, a23-78-241-168.deploy.static.akamaitechnologies.com, 80, TCP, Established,
[1047hours] explorer.exe (3172), xxxxxxxxx.attlocal.net, 54333, a23-78-241-168.deploy.static.akamaitechnologies.com, 80, TCP, Established,
On the dot. I am thoroughly satisfied I have the pattern locked in. Next set starts at 1132hours.
//Attempt 3: What Stops explorer outbound? Switching to Public Profile [result=negative]
In Win8.1>Connect to Network>Win+C Charms>Settings>Change PC Settings>Network>Click Your Connection>Turn Off Find Devices and Content
Verify this by Network and Sharing Center>Change Advanced Sharing Settings>Your Public Profile should be extended…
I have Network Discovery and File Sharing Turned Off
dasHost.exe goes away in ProcessHacker Network tab activity; it still runs as a process
Interesting: w/o disconnecting before switching to Public Profile for safety, it pops up. So much for public profile, alone.
[1102hours] explorer.exe (3172), xxxxxxxx.attlocal.net, 54334, a23-78-241-168.deploy.static.akamaitechnologies.com, 80, TCP, Established,
I verified in my open explorer that my network sharing capability disappeared. It pops up a notice bar to that effect.
I feel slightly safer knowing that it isn’t a direct network sharing exploit by Mr. Johnson; more perplexed because the Public profile did not do jack against Akamai outbound. Again, no explorer outbound block in firewall or whitelisting(block by default).
[1117hours] nothing
[1132hours] explorer.exe (3172), xxxxxxxx.attlocal.net, 54336, a23-78-241-168.deploy.static.akamaitechnologies.com, 80, TCP, Established,
Moving on to the next combi-hell…
//Attempt 4: What Stops explorer outbound? Disallowing Hosted Networking and Disabling Virtual Adapters [result=negative]
Move back to Private Profile for the experiment; I did not disconnect this time either
admin shell(WIN+x+a)>netsh wlan set hostednetwork mode=disallow
Device Manager>Show Hidden Devices>right-click disable: MS Hosted Network Virtual Adapter, MS Wi-Fi Direct Virtual Adapter
When disallowing hostednetwork, the appropriate adapter disables; you need to disable the Wi-Fi Direct
dasHost.exe in service, in Private Profile with Network Discovery and File Sharing On
If this blocks, then I take a step backwards to try and bring Akamai back… Nope
[1147hours] explorer.exe (3172), xxxxxxxx.attlocal.net, 54351, a23-78-241-168.deploy.static.akamaitechnologies.com, 80, TCP, Established,
//Attempt 5: What Stops explorer outbound? Firewall outbound block rule by itself [result=positive]
re-allowed hostednetwork, re-enabled virtual adapters, stayed in Private Profile
re-enabled my explorer outbound rule, blocking with all profiles
With hosted networking (ad-hoc) functional, noticed under my networking tree in explorer “Internet Gateway Device” created by the Internet Connection Sharing(ICS) availability from ad-hoc.
Stayed connected during changes, dasHost still available…
[1232hours] nothing
[1247hours] nothing
[1302hours] nothing
//Attempt 6: What Stops explorer outbound? Other than Firewall, is there a way to make this go away?
With all of my previous attempts, I stayed connected and dasHost was available. I wonder if I can just switch into Public profile, disconnecting and re-connecting, making sure dasHost is not running, as I suspect there is a correlation. In other words, why should I have to use a firewall rule to make this nefarious connection go away? What are my behaviors and network config that does this? Given my past attempts, I now know what conditions invoke and what doesn’t affect explorer.
– disconnect
– disable the firewall rule
– connect and switch to my optimum Public Profile (No file sharing or network discovery)
I manually terminate dasHost in ProcessExplorer. This is my first step in finding out if Device Association is related. Based upon past conditions, I should have some Akamai given Attempt 3.
[1332hours] explorer.exe (3172), xxxxxxxx.attlocal.net, 54451, a23-78-241-168.deploy.static.akamaitechnologies.com, 80, TCP, Established,
This turns out bad because dasHost doesn’t exist as a Process or Established Networked Service. Based upon prior attempts, none of my suspects are responsible for the crime. It looks like explorer is coded to act on his own volition. Based upon Attempt 4, I should not have to disallow hostednetworking or disable virtual adapters. I need a few more connects, and then I will simply close out explorer…
[1347hours] explorer.exe (3172), xxxxxxxx.attlocal.net, 54454, a23-78-241-168.deploy.static.akamaitechnologies.com, 80, TCP, Established,
Okay, as per Attempt 1:
Livecomm.exe, WWAHost.exe, Runtime Broker all outbound blocked; WSAHost.exe renamed and the Store is non-functional
Zero traffic from those, and my last ditch effort to implicate another service is to turn off Windows Defender: I turn off real-time protection and turn off the app from the Defender console and wait…
[1352hours] I just missed the explorer connect in ProcessHacker; let’s see if it goes again (I still have file explorer open)

I try and re-up Defender and it locks trying to engage real-time. Re-boot, Defender up, file browser open, start over…
Apparently, dasHost does not terminate properly on its own; it is gone on a fresh re-boot with Public Profile connected.
[1417hours] explorer.exe (2528), xxxxxxxxxxxx.attlocal.net, 49162, a23-36-86-135.deploy.static.akamaitechnologies.com, 80, TCP, Established,
[1430hours] explorer.exe (2528), xxxxxxxxxxxx.attlocal.net, 49164, a23-36-86-135.deploy.static.akamaitechnologies.com, 80, TCP, Established,
Good enough; I down Defender again before Akamai disconnects. Within an hour, it should pop back up…
[1439hours] explorer.exe (2528), xxxxxxxxxxxx.attlocal.net, 49165, a23-36-86-135.deploy.static.akamaitechnologies.com, 80, TCP, Established,
Uh Oh (technical response)…
[1500hours] explorer.exe (2528), xxxxxxxxxxxx.attlocal.net, 49167, a23-61-66-128.deploy.static.akamaitechnologies.com, 80, TCP, Established,

Now I close out the Windows file explorer. Note: explorer is not just a file browser, but the core graphical shell for the OS. If you nuke the explorer process, it restarts the shell into taskman so you can re-run explorer, or it re-starts by itself.
[1530hours] explorer.exe (2528), xxxxxxxxxxxx.attlocal.net, 49168, a23-61-66-128.deploy.static.akamaitechnologies.com, 80, TCP, Established,
[1545hours] explorer.exe (2528), xxxxxxxxxxx.attlocal.net, 49169, a23-218-134-94.deploy.static.akamaitechnologies.com, 80, TCP, Established,
EOL
8 people found this helpful
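
The timing pattern logged in the post above can be checked mechanically. The following is an added example, not part of the original thread: it parses rows in the `[HHMMhours] process (pid), local, port, remote, port, proto, state,` layout used in the post and flags any process whose connection times sit on a fixed grid even when a slot is skipped. The function names and the `firefox.exe` control rows are constructed for illustration.

```python
import re
from collections import defaultdict

# Rows copied from the post (Attempts 2-4); the poster redacted the local host.
POST_ROWS = """\
[1002hours] explorer.exe (3172), xxxxxxxx.attlocal.net, 54331, a23-78-241-168.deploy.static.akamaitechnologies.com, 80, TCP, Established,
[1032hours] explorer.exe (3172), xxxxxxxxx.attlocal.net, 54332, a23-78-241-168.deploy.static.akamaitechnologies.com, 80, TCP, Established,
[1047hours] explorer.exe (3172), xxxxxxxxx.attlocal.net, 54333, a23-78-241-168.deploy.static.akamaitechnologies.com, 80, TCP, Established,
[1102hours] explorer.exe (3172), xxxxxxxx.attlocal.net, 54334, a23-78-241-168.deploy.static.akamaitechnologies.com, 80, TCP, Established,
[1117hours] nothing
[1132hours] explorer.exe (3172), xxxxxxxx.attlocal.net, 54336, a23-78-241-168.deploy.static.akamaitechnologies.com, 80, TCP, Established,
[1147hours] explorer.exe (3172), xxxxxxxx.attlocal.net, 54351, a23-78-241-168.deploy.static.akamaitechnologies.com, 80, TCP, Established,
"""
# Constructed control rows (not from the post): irregular browser-style traffic.
CONTROL_ROWS = """\
[1005hours] firefox.exe (4100), xxxxxxxx.attlocal.net, 54400, cdn.example.net, 443, TCP, Established,
[1012hours] firefox.exe (4100), xxxxxxxx.attlocal.net, 54401, cdn.example.net, 443, TCP, Established,
[1043hours] firefox.exe (4100), xxxxxxxx.attlocal.net, 54402, cdn.example.net, 443, TCP, Established,
[1101hours] firefox.exe (4100), xxxxxxxx.attlocal.net, 54403, cdn.example.net, 443, TCP, Established,
"""
SAMPLE = POST_ROWS + CONTROL_ROWS
ROW = re.compile(
    r"\[(?P<hh>\d{2})(?P<mm>\d{2})hours\]\s+(?P<proc>\S+)\s+\((?P<pid>\d+)\),\s*"
    r"(?P<local>[^,]+),\s*(?P<lport>\d+),\s*(?P<remote>[^,]+),\s*(?P<rport>\d+),\s*"
    r"(?P<proto>\w+),\s*(?P<state>\w+)"
)

def parse(text):
    """Return one dict per well-formed connection row, with minutes since midnight."""
    rows = []
    for line in text.splitlines():
        m = ROW.search(line)
        if m:  # lines such as "[1117hours] nothing" do not match and are skipped
            row = m.groupdict()
            row["minute"] = int(row["hh"]) * 60 + int(row["mm"])
            rows.append(row)
    return rows

def periodicity(minutes, tolerance=1):
    """Take the smallest gap as the base period; a gap fits if it is a whole multiple of it."""
    minutes = sorted(set(minutes))
    gaps = [b - a for a, b in zip(minutes, minutes[1:])]
    if len(gaps) < 2:
        return None  # too few observations to call anything periodic
    period = min(gaps)  # simplification: one stray short gap would skew this
    fits = sum(1 for g in gaps if abs(g - round(g / period) * period) <= tolerance)
    return {"period": period, "gaps": gaps, "fit": fits / len(gaps)}

def report(text, min_fit=0.8):
    """Group rows by (process, pid, remote port) and keep the groups that look periodic."""
    groups = defaultdict(list)
    for r in parse(text):
        groups[(r["proc"], int(r["pid"]), int(r["rport"]))].append(r)
    flagged = {}
    for key, rows in groups.items():
        p = periodicity([r["minute"] for r in rows])
        if p and p["fit"] >= min_fit:
            p["remotes"] = sorted({r["remote"] for r in rows})
            flagged[key] = p
    return flagged

if __name__ == "__main__":
    for key, info in report(SAMPLE).items():
        print(key, info)
```

The script works on one day's rows and does not handle timestamps that wrap past midnight.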

ClaudeDesrochers_774 replied:
Insider
Use McAfee, no more problem.
Be the first person to mark this helpful

OpBrokenCloud replied:
Insider
Thanks for the AV advertisement but no. Sorry for my tedious details, but Defender is fine. It was purely explorer.exe for this instance, and, in my opinion, an OS design ethical/security issue. Microsoft uses Akamai for many services and it is pointless to block from IP ranges in firewall because they will strip websites. You can, however, do yourself a favor and block explorer outbound.
This occurrence is also relevant for Win7+ and I continue to block explorer.exe in firewall to this day with Win 10. Now we have more issues with dozens of services trying to escape your machine.  Not minimalist security philosophy.
Update:
With Windows 10, blocking explorer.exe outbound does not seem to interfere with other services and I include it as a standard firewall rule.
2 people found this helpful

dkslopoke replied:
I have the same problem in my fresh install of Windows 10 Pro. My system is furiously trying to connect to Akamai Technologies; if you could see my ports going crazy trying to connect to 23.11.54.135, we’re talking every port I have at a rate of 10 or more requests per second. The reason it’s doing this is because the connection is being denied by my hosts file and firewall. But it saddens me that this is in the Windows 10 Pro package services. Akamai is not something I would want to have my IP address. We need to find the code that is originating these requests, and if applicable remove it. Not only could it be a potential virus hazard but it’s literally like an internal denial of service attack with the amount of connection attempts and CPU usage. But for now, if you’re just wanting to block it, you will need to open Notepad as administrator, then go here http://winhelp2002.mvps.org/hosts.txt and select all, copy all text and paste into c/windows/system32/drivers/etc/hosts. Make sure to select “show ext. for known filetypes” in folder options so you don’t end up saving it as a txt file. This will block all ads in IE. Then download PeerBlock from here https://www.iblocklist.com/files/PeerBlock-Setup_v1.2_r693.exe for Windows; works fine with Windows 10. For your lists, a good site is https://www.iblocklist.com/. Hope we can resolve this issue soon.
4 people found this helpful

Source — http://answers.microsoft.com/en-us/ie/forum/ie8-windows_vista/stop-akamai-tehnologies-from-downloading/71c2fb35-3fce-4a1a-89fb-0a4764d0fe6f?auth=1
