CSI: My Computer - What is netsession win.exe from Akamai and how did it get on my system?

Admin

I know my system backwards and forwards and I do not like noticing stuff running in the background that I don't recognize. Recently I was checking out the Task Manager (right click on the clock, and select Task Manager or press Ctrl-Alt-Del and click Task Manager) and noticed TWO copies of "netsession_win.exe" running with a peak memory working set of about 25 megs. Ok, what's this? It's the Akamai Net Session Interface. Ick.

netsession_win.exe in my Windows Task Manager

You can always right click on suspicious processes and click Open File Location. This little tip is often enough to jog your memory and go, "Oh, THAT."

Open File Location in Task Manager's Context Menu

Hm, that dropped me into C:\Users\scottha\AppData\Local\Akamai. I know who Akamai is. They are a download accelerator used by lots of companies. Kind of the first large Content Distribution Network or CDN.

Am I sure it's them and not someone evil trying to fake me out? Right click on netsession_win.exe, then Properties.

Akamai's NetSession digital signature is legit

Well, they have a legitimate digital signature, interestingly they signed this on the 11th of November. Looks like this was recently installed automatically by something, perhaps Flash or Adobe Acrobat.

I wonder if someone needs to tell Akamai that their freshly installed service that just (kinda, a little) snuck on my system has a digital certificate that expires in 5 weeks. Are they or one of the companies that uses them going to update this client and cert soon?

Akamai's digital certiticate expires before Christmas

Running services.msc from Start | Run tells me that this runs as an Automatic Service. At least it's a Delayed Start so it doesn't slow down my boot.

Services (158)

The only thing I installed on my machine on the 11th was an automatic update to Adobe Flash. That's my #1 suspect right now as it's the only thing that I ran as Administrator that day.

For now, I'll keep it on my machine because it:

  • Is from a reputable (so far) company
  • Is known to be used by folks like Netflix, etc to speed up downloads
  • Has an uninstall available in Installed Programs
  • Feels legit
  • Has a control panel icon and a Read Me with lots of info about what it does (except who installed them)
  • Has a customer bill of rights online with details with test demo pages about their API.

I will say this, though. Whatever program installed it should have told me first before chaining it in. At least with Evil Toolbars I can see them. Not cool Akamai. Who installed you?

You're on notice.

UPDATE: Looks like this is using my own computers bandwidth to upload to other Akamai users. They're using our computers and network to make other people's uploads faster. That sounds like I'm running a Torrent and no one asked if it was OK. I'm continuing to dig into this, like disk space usage, etc.

About Scott

Scott Hanselman is a former professor, former Chief Architect in finance, now speaker, consultant, father, diabetic, and Microsoft employee. He is a failed stand-up comic, a cornrower, and a book author.

facebook twitter subscribe
About   Newsletter

Hosting By
Hosted in an Azure App Service