What are "nsurlsessiond" and "AssetCacheLocatorService"?

I ran across this thread because I wanted to ensure AssetCacheLocatorService was an Apple function. Then I saw this:

Linc Davis wrote:

Those are built-in system processes. "Little Snitch" is doing its job of wasting your time with utterly pointless alerts and interfering with the normal operation of your computer.

I guess we have a different definition of pointless. I prefer knowing which processes are connecting to which hosts. The fact that some random process name is suddenly, after literally years of operating my laptop & firewall, is making a new connection does not instill confidence in me that this is "normal operation".

But hey, you want to allow random things to connect to random hosts, go right ahead. Your computer, your data, your decision. Well, mostly, when your computer is botted and attacking me, then maybe it is not your decision.

That said, I would like to have a button in products like "Little Snitch" which says "allow all Apple registered System daemons to connect to trusted known <hosts|IP addresses>". Don't see it happening, though.

Agreed.

If I can get on my soap box really fast, once I was browsing the net, saw a jacket I liked and purchased it (I have a point so allow me to bring this around full circle). Anyhow, the next day or so, I was on FB and I see an ad for the jacket I had just purchased. Then again on a totally separate web page. This started happening with everything I was buying online. Anytime I bought anything I noticed it was showing up in ads as I surfed the web even if I used a different device (iPad, iPhone, Desktop, etc..) To me that's a bit freaky because I don't feel like my privacy is invaded. So thank you to all for this thread. It's about as pointless as having a lock on your door to you house and car.

SO has anyone or anything been found out what "nsurlsessiond" is for??

Brian Cross wrote:

why would all of my passwords potentially disappear if I locked out iCloud? They're not stored there. (In fact, they're not even stored locally, at least not the only copy of them.)

I'm just violating the Apple Support Communities Terms of Use by speculating on what could happen in some future OS version.

Traditionally, it was no big deal to expect problems if you hacked on an operating system in unusual ways. But then the internet happened and people started copying and pasting hacks they found posted on the internet without realizing the scope of the changes they were making. Now that is compounded by Apple's laser-like focus on "the average user" at the expense of us "non-average" users.

For me, it is personal with iCloud. I have always used multiple partitions so I could keep multiple OS versions available for development and testing. That was never considered "hacking the OS" but it also wasn't quite "average user" behaviour either. I was very excited to get iCloud Keychain because I thought it would really make my life easier. It made my life much more difficult. I discovered that Apple no longer supports multiple boot partitions for some new features like iCloud Keychain. What other innocent habits do I have that Apple has deprecated?

So, the moral of my little story is that none of us have any idea what Apple's vision of its future, ideal customer might look like. Woe unto us if we deviate from what Apple expects us to do.

No. They're undocumented. Ask the developer of "Little Snitch," who, unlike me, thinks you need that information.

Brian Cross wrote:

Little Snitch is catching these processes trying to connect to various servers (and not Apple ones) at least once per hour. What are they? Should I just let them go?

How do you know they aren't Apple? Apple never tells anyone what it does. Third party software developers like Little Snitch have to figure things out the hard way. nsurlsessiond is thought to be related to iCloud Drive. AssetCacheLocatorService is, as the name implies, some kind of caching service. The servers it connects to may or may not be Apple. It will be very difficult to find out for sure because Apple never tells. I suggest you just include these in Little Snitch's Apple whitelist.

I had the same question.

after doing some internet searching, it seems like nsurlsessiond may have to do with apple's iCloud backup.

AND there are people complaining that it's severely draining their internet. I'm not using iCloud, so I deny it using little snitch, and I'm going to keep doing it until I have more info

Brian Cross wrote:

I don't use iCloud, either. Hadn't heard about the "Internet drain," though. Perhaps I should just deny nsurlsessiond access as well.

I'm not going to say your wrong about that or that you shouldn't do that. I'm not happy with most of Apple's new direction over the past couple of years. However, I do know how Apple works and using a 3rd party tool like Little Snitch to interfere is taking a risk. Apple is literally turning iCloud into the foundation of the OS. If iCloud is disabled, you could find yourself unable to login one day or all of your passwords could disappear. Who knows.

So, if you do want to interfere, you need to be aware that you are hacking the OS and take precautions. If you have an opportunity to participate in a beta program, take it. Use old machines or VMs to test configurations. Be very cautious about any upgrade, no matter how small. Keep good backups. Time Machine is great and I'm a big fan of it. But if you are doing OS-level hacking like this, you may put Apple's Time Machine at risk too. So you will need a non-Apple backup instead of or in addition to Time Machine.

I do use iCloud Keychain now, but I'm very careful about it. I don't use multiple boot partitions anymore. I use VMs for old OS versions now. I was very cautious about the upgrade to iCloud Drive in Yosemite. Of course, all of that causes me to miss some of the new developments in Yosemite. Regular people just can't keep up with Apple's update schedule anymore.

It appears that AssetCacheLocatorService relates to Software Update. If you maintain a large network of Apple computers, and you use one as a server, you can configure that server to run a caching service. This allows you to download the newest software update for all of your iMacs and Minis once to your server, and then update your fleet from your local caching service on your server, rather than spending the bandwidth to update each one individually over the internet. It appears that when searching for the closest server running the caching service, the clients check the authenticity of the service by verifying the server's signature with Apple itself.

Apple appears to do this for its own Software Update downloads to all of us over the internet, thus spreading the load for them.

I use the Hands Off! firewall, and I've blocked all network actions of AssetCacheLocatorService for now. I have some updates waiting, so I'll see how this affects my next update process, and post the results here.

Next up: "nsurlsessiond".

Caution: I've collected this info via research on Google and not through personal expertise. I've not included the appropriate links because I don't usually post here and I'm not sure of the appropriateness or terms of service limitations on doing so. Thus I encourage your own verification of said research.

I used my firewall to block all network activity by AssetCacheLocatorService, then I ran App Store > Updates. Several updates, both Apple and 3rd Party, were found, but when I clicked "Update" I got an indefinitely spinning grey wheel. I gave it a few minutes but nothing changed. I stopped the update process, re-enabled network connections for AssetCacheLocatorService, and updates began the moment I clicked "Update".

IOW, AssetCacheLocatorService isn't malicious, it's the mechanism used to serve us our updates. We should let it do what it does without interference.

Thanks for that TOS violation, etresoft! ;-) This has been my conclusion as well, but my posts always seem to get deleted, and now I'm not even allowed to click the "this helped me" button. I've stopped trying to just get work done, and now Do It The Apple Way if at all possible, and save configuring things for my "Different way of Thinking" for computers running other operating systems that won't punish me for changing things. Oddly, even doing everything The Apple Way doesn't seem to be enough to get my Macs running properly. The fact that almost every one of them has required a Main Logic Board, or other component, to be completely replaced also makes determining whether it's something that I've broken in software, or just another Apple Lemon, a bemusing game.

Linc does have a point though... trying to eschew The Apple Way, even in the slightest (like selecting ISO8601 date formats! ***?!) will cause you more harm than good. Probably just installing Little Snitch is enough to void your warranty and flip the NSA bit in your EFI firmware!

Same thing here, Little Snitch showing these connections so did a bit of digging and it is in fact Apple's update services. Better safe than sorry in these cases, I love Little Snitch, as long as you don't get paranoid about network connections, pretty much all of them are normal.

Also good to have a basic knowledge of firewalling/routing/NAT as well.

Having access to several high end routers/firewalls and their IDS logs, I just know that every second of every day someone outside is trying to get inside, somewhere, on some port or other.

Always make sure the door is locked.

Human nature I guess, like trying a phone line to see if someone is home.

Adrian.

Same here. It's trying to connect to 8.8.8.8 which is google. So it is obviously collecting metadata and God knows what else for Google. And by the way Little Snitch is probably the best app you can have for OS X (other than a good IRC client).

-xo