In short, download.microsoft.com uses Akamai servers.

Log:

[roam@straylight ~]> dnsq a download.microsoft.com f.root-servers.net
2 download.microsoft.com:
472 bytes, 1+0+13+13 records, response, noerror
query: 2 download.microsoft.com
authority: com 172800 NS i.gtld-servers.net
[snip others 12 gTLD servers]

[roam@straylight ~]> dnsq a download.microsoft.com i.gtld-servers.net
2 download.microsoft.com:
238 bytes, 1+0+5+5 records, response, noerror
query: 2 download.microsoft.com
authority: microsoft.com 172800 NS dns1.cp.msft.net
[snip more, 4 levels]

[roam@straylight ~]> dnsq a download.microsoft.com dns1.cp.msft.net
2 download.microsoft.com:
84 bytes, 1+1+0+0 records, response, authoritative, noerror
query: 2 download.microsoft.com
[b]answer: download.microsoft.com 3600 CNAME dl-geodir.microsoft.akadns.net[/b]

I am sending this because of the spam of the blocked IP from Malwarebytes, when only the tray automatic download is used, with no browser activity. And this spam is only for download.microsoft.com, when using the update on the site or the automatic one.

Maybe some malware is hosted on Akamai servers too, so just look to pass the download.microsoft.com site.

All the best for your lightweight and massive killer and for the team behind it,

Sony Georgiev, Bulgaria