Endpoint Protection

  • 1.  Need formal explanation for requests to akamaitechnologies.com

    Posted Dec 28, 2017 07:58 AM
    Hi, I have a service that shows in procmon as making requests to akamaitechnologies.com
     
    My service has nothing to do with akamai and my customer wants to know why my service is making requests to it.
    Given the nature of other threads here that mention connections to akamai, I'm looking for more info.
    Why is this in my service?  Will it show in other processes?  How / When does Symantec decide which process it does this in?
    How do I make this NOT happen?
    Why isn't it only in Symantec processes?
     
     
     
    2:05:27.1123701 PM 0.0000000 00:01:30.3355680 my.service.exe 2268 0 TCP Reconnect host.customer.company.com:62212 -> a23-206-193-152.deploy.static.akamaitechnologies.com:http SUCCESS Length: 0, seqnum: 0, connid: 0 C:\Program Files\MyCompany\my.service.exe

    Version info:

    C:\windows\system32\DRIVERS\Teefer.sys

    Symantec CMC Firewall Teefer3

    12.1.6531.6300

    9/22/2015 11:23:48 PM

     

    Stack:

    0 ntoskrnl.exe EtwpTraceNetwork + 0x53 0xfffff800033770d3 C:\windows\system32\ntoskrnl.exe
    1 tcpip.sys ?? ::FNODOBFM::`string' + 0x32307 0xfffff88001ec2a37 C:\windows\System32\drivers\tcpip.sys
    2 tcpip.sys TcpProcessExpiredTcbTimers + 0x28a 0xfffff88001e8b3fa C:\windows\System32\drivers\tcpip.sys
    3 tcpip.sys TcpPeriodicTimeoutHandler + 0x265 0xfffff88001e8b71d C:\windows\System32\drivers\tcpip.sys
    4 ntoskrnl.exe KiProcessTimerDpcTable + 0x6c 0xfffff80003284c3c C:\windows\system32\ntoskrnl.exe
    5 ntoskrnl.exe KiProcessExpiredTimerList + 0xc6 0xfffff80003284ad6 C:\windows\system32\ntoskrnl.exe
    6 ntoskrnl.exe KiTimerExpiration + 0x1be 0xfffff800032849be C:\windows\system32\ntoskrnl.exe
    7 ntoskrnl.exe KiRetireDpcList + 0x277 0xfffff800032847a7 C:\windows\system32\ntoskrnl.exe
    8 ntoskrnl.exe KiIdleLoop + 0x5a 0xfffff80003270b0a C:\windows\system32\ntoskrnl.exe
     
    Other stacks in process show Teefer.sys
     
     
     
     


  • 2.  RE: Need formal explanation for requests to akamaitechnologies.com

    Posted Dec 28, 2017 11:51 AM

    Symantec uses Akamai for things like content distribution, reputation queries, and anonymous usage statistics.

    Read the info under 'SOLUTION' here:

    http://www.symantec.com/docs/TECH97397

    http://www.symantec.com/docs/TECH163079

    Also, this article has some info:

    http://www.symantec.com/docs/TECH139451



  • 3.  RE: Need formal explanation for requests to akamaitechnologies.com

    Posted Dec 28, 2017 12:02 PM

    Thanks, but why is this showing up in my service process?



  • 4.  RE: Need formal explanation for requests to akamaitechnologies.com

    Posted Dec 28, 2017 12:09 PM

    Couldn't say? I don't know anything about 'my service' as it is unrelated to the SEP client. Seems its requests are going out through the SEP firewall driver (teefer). Run a packet capture to see what it is doing.