KMS Connection Broker connecting to China?


I noticed in my alert logs today that ‘KMS Connection Broker’ is connecting to China - IP:

It seems like ‘sppextcomobj.exe’ is a legit system file, but I find it strange that it’s connecting to China - Is this normal?

Any advice would be greatly appreciated :slight_smile:


I found this thread

If you click the .exe is it signed by Microsoft? If so it’s probably OK. With content delivery networks sometimes IP addresses can be in China or anywhere else in the world.

Check this link for things you can do if you think you might have malware on your PC.


It is not virus.
I can only tell you that I have it on my Win 8 machine, it appears to be a legitimate part of the OS, and I think it might have something to do with KMS Licensing for Microsoft Products (like MS office) but I’m not sure because I do not have any MS Office products on my machine. Good luck.