Brian Cross

Q: What are "nsurlsessiond" and "AssetCacheLocatorService"?

Little Snitch is catching these processes trying to connect to various servers (and not Apple ones) at least once per hour. What are they? Should I just let them go?

OS X Yosemite (10.10.1)

Posted on Dec 16, 2014 8:12 AM

Close

Q: What are "nsurlsessiond" and "AssetCacheLocatorService"?

  • All replies
  • Helpful answers

Previous Page 2
  • by Boyd Porter,

    Boyd Porter Boyd Porter Dec 18, 2014 8:04 AM in response to Brian Cross
    Level 4 (1,048 points)
    Dec 18, 2014 8:04 AM in response to Brian Cross

    Akamai is used by many companies, including Apple.

     

    Have a nice day.

  • by Heiko Haller,

    Heiko Haller Heiko Haller Jan 30, 2015 2:19 AM in response to etresoft
    Level 1 (0 points)
    Jan 30, 2015 2:19 AM in response to etresoft

    They are not apple beacause the reverse ns lookup points to my internt provider

  • by LuciusM,

    LuciusM LuciusM Mar 8, 2015 9:51 AM in response to Brian Cross
    Level 1 (0 points)
    Mar 8, 2015 9:51 AM in response to Brian Cross

    It appears that AssetCacheLocatorService relates to Software Update. If you maintain a large network of Apple computers, and you use one as a server, you can configure that server to run a caching service. This allows you to download the newest software update for all of your iMacs and Minis once to your server, and then update your fleet from your local caching service on your server, rather than spending the bandwidth to update each one individually over the internet. It appears that when searching for the closest server running the caching service, the clients check the authenticity of the service by verifying the server's signature with Apple itself.

     

    Apple appears to do this for its own Software Update downloads to all of us over the internet, thus spreading the load for them.

     

    I use the Hands Off! firewall, and I've blocked all network actions of AssetCacheLocatorService for now. I have some updates waiting, so I'll see how this affects my next update process, and post the results here.

     

    Next up: "nsurlsessiond".

     

     

    Caution: I've collected this info via research on Google and not through personal expertise. I've not included the appropriate links because I don't usually post here and I'm not sure of the appropriateness or terms of service limitations on doing so. Thus I encourage your own verification of said research.

  • by LuciusM,

    LuciusM LuciusM Mar 8, 2015 10:14 AM in response to LuciusM
    Level 1 (0 points)
    Mar 8, 2015 10:14 AM in response to LuciusM

    For me, nsurlsessionid only seems to connect to " *.swcdn.apple.com", and I allow this.

  • by LuciusM,

    LuciusM LuciusM Mar 11, 2015 1:32 PM in response to LuciusM
    Level 1 (0 points)
    Mar 11, 2015 1:32 PM in response to LuciusM

    I used my firewall to block all network activity by AssetCacheLocatorService, then I ran App Store > Updates. Several updates,  both Apple and 3rd Party, were found, but when I clicked "Update" I got an indefinitely spinning grey wheel. I gave it a few minutes but nothing changed. I stopped the update process, re-enabled network connections for AssetCacheLocatorService, and updates began the moment I clicked "Update".

     

    IOW, AssetCacheLocatorService isn't malicious, it's the mechanism used to serve us our updates. We should let it do what it does without interference.

  • by ianai.net,

    ianai.net ianai.net Mar 18, 2015 8:32 AM in response to Linc Davis
    Level 1 (0 points)
    Mar 18, 2015 8:32 AM in response to Linc Davis

    I ran across this thread because I wanted to ensure AssetCacheLocatorService was an Apple function. Then I saw this:

    Linc Davis wrote:

     

    Those are built-in system processes. "Little Snitch" is doing its job of wasting your time with utterly pointless alerts and interfering with the normal operation of your computer.

     

    I guess we have a different definition of pointless. I prefer knowing which processes are connecting to which hosts. The fact that some random process name is suddenly, after literally years of operating my laptop & firewall, is making a new connection does not instill confidence in me that this is "normal operation".

     

    But hey, you want to allow random things to connect to random hosts, go right ahead. Your computer, your data, your decision. Well, mostly, when your computer is botted and attacking me, then maybe it is not your decision.

     

    That said, I would like to have a button in products like "Little Snitch" which says "allow all Apple registered System daemons to connect to trusted known <hosts|IP addresses>". Don't see it happening, though.

  • by vaporland.,

    vaporland. vaporland. May 6, 2015 12:51 PM in response to ianai.net
    Level 1 (10 points)
    May 6, 2015 12:51 PM in response to ianai.net

    I totally agree with you. I've been able to use Little Snitch to almost completely eliminate advertising when browsing the web and also cookie tracking.

     

    Far from 'utterly pointless'...

  • by WiLdCHiiLD714,

    WiLdCHiiLD714 WiLdCHiiLD714 Jun 27, 2015 7:45 AM in response to vaporland.
    Level 1 (0 points)
    Jun 27, 2015 7:45 AM in response to vaporland.

    Agreed. 

     

    If I can get on my soap box really fast, once I was browsing the net, saw a jacket I liked and purchased it (I have a point so allow me to bring this around full circle). Anyhow, the next day or so, I was on FB and I see an ad for the jacket I had just purchased. Then again on a totally separate web page. This started happening with everything I was buying online. Anytime I bought anything I noticed it was showing up in ads as I surfed the web even if I used a different device (iPad, iPhone, Desktop, etc..) To me that's a bit freaky because I don't feel like my privacy is invaded. So thank you to all for this thread. It's about as pointless as having a lock on your door to you house and car.

     

    SO has anyone or anything been found out what "nsurlsessiond" is for??

  • by ckeilah,

    ckeilah ckeilah Jul 2, 2015 2:51 PM in response to etresoft
    Level 1 (12 points)
    Mac OS X
    Jul 2, 2015 2:51 PM in response to etresoft

    Thanks for that TOS violation, etresoft!  ;-)   This has been my conclusion as well, but my posts always seem to get deleted, and now I'm not even allowed to click the "this helped me" button.  I've stopped trying to just get work done, and now Do It The Apple Way if at all possible, and save configuring things for my "Different way of Thinking" for computers running other operating systems that won't punish me for changing things.  Oddly, even doing everything The Apple Way doesn't seem to be enough to get my Macs running properly.  The fact that almost every one of them has required a Main Logic Board, or other component, to be completely replaced also makes determining whether it's something that I've broken in software, or just another Apple Lemon, a bemusing game.

     

    Linc does have a point though... trying to eschew The Apple Way, even in the slightest (like selecting ISO8601 date formats!  ***?!) will cause you more harm than good.  Probably just installing Little Snitch is enough to void your warranty and flip the NSA bit in your EFI firmware!

  • by losdelrock,

    losdelrock losdelrock Sep 20, 2015 3:26 PM in response to Brian Cross
    Level 1 (17 points)
    Wireless
    Sep 20, 2015 3:26 PM in response to Brian Cross

    Same thing here, Little Snitch showing these connections so did a bit of digging and it is in fact Apple's update services.  Better safe than sorry in these cases, I love Little Snitch, as long as you don't get paranoid about network connections, pretty much all of them are normal. 

     

    Also good to have a basic knowledge of firewalling/routing/NAT as well.

     

    Having access to several high end routers/firewalls and their IDS logs, I just know that every second of every day someone outside is trying to get inside, somewhere, on some port or other.

     

    Always make sure the door is locked.

     

    Human nature I guess, like trying a phone line to see if someone is home.

     

    Adrian.

  • by GreenMamba,

    GreenMamba GreenMamba Jan 17, 2016 6:02 PM in response to Brian Cross
    Level 1 (17 points)
    Desktops
    Jan 17, 2016 6:02 PM in response to Brian Cross

    Same here. It's trying to connect to 8.8.8.8 which is google. So it is obviously collecting metadata and God knows what else for Google. And by the way Little Snitch is probably the best app you can have for OS X (other than a good IRC client).

     

    -xo

  • by GreenMamba,

    GreenMamba GreenMamba May 4, 2016 6:25 AM in response to Brian Cross
    Level 1 (17 points)
    Desktops
    May 4, 2016 6:25 AM in response to Brian Cross

    nsurlsessiond


    Let me add something new to this discussion. I do not use Apple's iCloud. I believe in backing up my systems with good old fashioned (large & newest technological advanced) external hard drive devices. I just recently had to scour Google again looking for a new domain this little bugger was trying to connect to. It turned out to be a an Apple owned DNS, but in any case I have no idea what it was trying to connect to and/or what it was doing. You can't find that information anywhere. If Apple ends up making iCloud such an integral part of the Apple OS in which case you can't use the operating system without enabling and using iCloud, I will stop using Apple products and go back to buying PC's and just installing UNIX or a UNIX-Like OS (like OS X used to be and still is, or Linux). I really hope this doesn't happen. I used to work in the tech industry. I was paid to do some "pentesting" as a part of this job. Even though I LOVE my MacBook Pro, the more connections made doesn't create "a more the merrier" kind of situation. Advanced persistent threats thrive on these types of systems when there multiple open ports to allow for many different kinds of data to come and go, i.e Windows & Windows servers.

     

    P.S - I read something about Akamai ... well Akamai provides upwards of 30% of ALL internet/web traffic. They are one of the BIGGEST cloud platforms in the world today. And yes Apple uses them for SEVERAL different things. I think their only real competitor is EMC² when it comes to cloud computing and basic overall data warehousing.

     

    Enjoy.

     

    I hope this might shed some light or answer maybe 1 question to the many people who may stumble upon this thread.

Previous Page 2