Delivery Optimization service - downloads big file => RAM overflow - Windows 11 (2024)

hafk

• 
• Members
• 3 posts
• OFFLINE

• Local time:11:42 PM

Hello all,

in the last days I have been battling with a strange problem. First I have noticed this problem when my programs were randomly crashing due to no free memory left. After some digging, I have found out, that it's because of the "svchost.exe" proces, more specifically, it's the Delivery Optimization service's process ("C:\WINDOWS\System32\svchost.exe -k NetworkService -p"). The process is trying to download a big resource, which slowly increases RAM usage, until it crashes. Then it starts again and over and over.

Process info:

Screenshot_33.jpg 78.69KB0 downloads

Screenshot_34.jpg 100.15KB0 downloads

Using Fiddler, I was able to capture a requests that the process is sending. It tries to download these two resources:

http://xvcf2.xboxlive.com/6/8270b5a0-fc42-4d81-be77-6e9f30d1993a/636cb3a2-7597-46b8-9b88-71067717b0f1/5.0.11009.0.3d126e41-a0b6-447f-b026-0efb41fbd4da/Microsoft.4KAssetPack_5.0.11009.0_x64__8wekyb3d8bbwe.msixvc http://xvcf1.xboxlive.com/1/7044be92-f919-4f15-981e-5ea020f057f5/8d9b5bb7-6442-4dfe-97d9-641bfb57c835/5.0.7274.0.f6e35395-c5d3-4598-9763-30658558e6b4/Microsoft.Cardinal_5.0.7274.0_x64__8wekyb3d8bbwe.msixvc

For example the "4KAssetPack" is a 132GB file, so the process is using a partial HTTP download. However, it seems like it's in some kind of infinite cycle, because it requests the same byte ranges again and again.

Request #1:

Screenshot_31.jpg 265.9KB0 downloads

Request #2:

Screenshot_32.jpg 316.16KB0 downloads

So after some time of repeatedly calling these requests, the memory usage of the process reaches my maximum RAM, crashes and the download never finishes.

After some googling, I have found out, that the packages it tries to download, are somehow related to the XBOX app and Age Of Empires IV game. I have played this game like 2 years ago using Gamepass, however after that, I have uninstalled it and haven't used the gamepass since then. Now, for some reason, it came back from death.

The only way how to avoid the problem, is to block the "xvcf1.xboxlive.com" + "xvcf2.xboxlive.com" IPs in my router or to periodically manually stop the "Delivery Optimization" service.

I have tried to turn off the delivery optimization (in Windows 11 settings - "Allow downloads from other PCs" to false) and even turn off the Windows Updates. However, no change. The process still spawns and do his download.

I am usingWindows 11 Pro 22H2, OS build: 22621.1265, Experience: Windows Feature Experience Pack 1000.22638.1000.0, up to date. I have tried to clear Windows cache + SFC /scannow => no help either.

Does anyone have any idea why this might be happening? Why it tries to downloads a resources for a game, that I have not installed? Why it's even tries to download something, when I have the delivery optimization service completely disbled?

Thanks

Edited by hafk, 28 February 2023 - 05:09 AM.

Pkshadow

Me, Myself & I



• 
• Members
• 14,112 posts
• OFFLINE

• Gender:Not Telling
• Location:On the Brow of the Hill, West Coast, Canada
• Local time:03:42 PM

Hi, Welcome to BC.

So you have been working off of this : https://support.microsoft.com/en-us/windows/windows-update-delivery-optimization-and-privacy-bf86a244-8f26-a3c7-a137-a43bfbe688e8 ??

Your List shows : One step is missing is to change to Metered Connection.

Another step missing is : Modify Bits : https://www.thewindowsclub.com/service-host-delivery-optimization-high-usage

&

Run the WinSxS clean up tool with the Reset Base command. Type or Copy/Pastethe following command: Dism.exe /online /Cleanup-Image /StartComponentCleanup /ResetBase

MS Disk CleanUp : Search for CMD, Run as Administrator" then Copy/Paste --> : %SystemRoot%\System32\Cmd.exe /c Cleanmgr /sageset:65535 & Cleanmgr /sagerun:65535 then Enter, select all and sit back. It opens MS Disk Cleanup 2 Windows and cleans up more.

Nothing more in the kitchen sink.

Let us know how that works and what the cure is.

" mosquitoes really wake up everyday and choose violence " — dalia (@_dalia7)
www.cnn.com/2020/07/23/health/mosquitoes-attraction-humans-future-wellness-scn/index.html
Ticks - Lyme disease & anaplasmosis - https://www.ctvnews.ca/health/what-you-should-know-about-the-tick-borne-disease-anaplasmosis-1.6942217

I-7 ASUS ROG Rampage II Extreme / ASUS TUF Gaming F17 / I-7 4770K ASUS ROG Maximus VI Extreme

Wolverine 7

• 
• Members
• 5,147 posts
• OFFLINE

• Gender:Male
• Local time:11:42 PM

Maybe make sure the game IS completely uninstalled ,as here.

https://www.reddit.com/r/Windows10/comments/dbyozk/delivery_optimization_is_using_all_my_bandwidth/

Accidents don't just happen.They must be carelessly planned.

Dell Latitude 7380,Win 10 Pro,8GB,BunsenLabs Linux Antix Linux,,Kali Linux,

hafk

• Topic Starter


• 
• Members
• 3 posts
• OFFLINE

• Local time:11:42 PM

Pkshadow: Thanks, I will try your hints and let you know

Wolverine: that looks like a similar problem. However, I don't see the game in Windows 11 apps menu and neither in XBOX library. I also have disabled updates in Windows Store and XBOX, so it shouldn't be updating anything. I have even uninstalled the XBOX app completely.

Edited by hafk, 01 March 2023 - 09:54 AM.

hafk

• Topic Starter


• 
• Members
• 3 posts
• OFFLINE

• Local time:11:42 PM

So, I did everything. Every DISM operation was successfull. SFC /scannow also.

Looks like the problem is inC:\Windows\System32\config\systemprofile\AppData\Local\Packages\Microsoft.GamingServices_8wekyb3d8bbwe\LocalState\UserDataCache

Inside that folder, there are two folders with some files. In each of the folder, there is a "appxmanifest.xml" file, that is related to the package that the "Delivery Optimization" service is trying to download.

For example in "F6E35395-C5D3-4598-9763-30658558E6B4" folder, the manifest looks like this (related to "Microsoft.Cardinal_5.0.7274.0_x64__8wekyb3d8bbwe.msixvc" file):

 <Identity Name="Microsoft.Cardinal" Publisher="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" Version="5.0.7274.0" ProcessorArchitecture="x64" />.... <Application Id="Game" Executable="RelicCardinal_ws.exe" EntryPoint="Windows.FullTrustApplication"> <uap:VisualElements DisplayName="Age of Empires IV" Square150x150Logo="logos\GraphicsLogo.png" Square44x44Logo="logos\SmallLogo.png" Description="Age of Empires IV" ForegroundText="light" BackgroundColor="transparent">

However, when I remove everything fromC:\Windows\System32\config\systemprofile\AppData\Local\Packages\*, then after some time, the "Microsoft.GamingServices_8wekyb3d8bbwe" folder is back again.

I have found out, that these folders are created by "gamingservices.exe" process, which is part of the "Gaming Services" windows service. There is also a Gaming Services app. However, the app can't be uninstalled and the service can't be disabled.

So the problem still persists.

I am now running a full text search for "Age Of Empires IV" on my disk. I wonder where are some forgotten files and why the "Gaming Services" thinks it's still installed and why, after more than a year, it's trying to do an update and why the update causes some infinite loop memory leak.

UPDATE

I have searched registries for the "F6E35395-C5D3-4598-9763-30658558E6B4" (which is the name of the folder in cache) and found out some entries in "Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\GamingServices". Deleted all of them and looks like the problem is solved

It's still strange how such thing can happen. Should I be worried about a malware? Or was it just some coinsidence / Microsoft bug?

Edited by hafk, 01 March 2023 - 11:50 AM.

Wolverine 7

• 
• Members
• 5,147 posts
• OFFLINE

• Gender:Male
• Local time:11:42 PM

Good job ,if system is running ok now ,malware is unlikely ,of course never a good idea to be complacent.

I would.run scans with.

AdwCleaner.https://www.bleepingcomputer.com/download/adwcleaner/

Malwarebytes.https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/

ESET Online scanner.https://www.eset.com/uk/home/online-scanner/

Or get the system checked out here.

https://www.bleepingcomputer.com/forums/f/22/virus-trojan-spyware-and-malware-removal-help/

Accidents don't just happen.They must be carelessly planned.

Dell Latitude 7380,Win 10 Pro,8GB,BunsenLabs Linux Antix Linux,,Kali Linux,