I need help in finding how to prevent svchost.exe from sending TCP to deploy.akamaitechnologies.com several times after each logon to my Win7 Professional PC. Doing so will allow the Comodo firewall to block unauthorized Internet access by malware hiding behind svchost.exe.
I used the free app at
systemexplorer.net to find lookup the URL given the IP address and to trace that the process ID for the sending instance of svchost.exe is the one hosting the Cryptographic service. This instance of svchost.exe hosts no other services because I disabled the Workstation service. I don't understand why the Cryptographic service is accessing the internet since I used gpedit.msc to enable "Restrict Internet communication" under \Computer Configuration\Administrative Templates\System\Internet Communication Management\.
I have the latest version of Comodo's Firewall installed (CIS 5.10). I tried to block svchost.exe from outputting TCP to host name=deploy.akamaitechnologies.com and host name=akamaitechnologies.com, but Comodo's Firewall didn't block this. The IP address varies with each logon, so I cannot block it based on the IP address.
I tried disabling the Cryptographic service, but Win7 forces its startup type to manual and starts it automatically at the next reboot. I am hoping someone knows a Group Policy to turn off this internet access by svchost.exe.
More info about my configuration and experience:
https://forums.comodo.com/general-security-questions-and-comments/disabling-windows-internet-access-via-svchostexe-t70441.0.html;msg501001#msg501001
Author