DefWatch.exe
Symantec AntiVirus by Symantec Corporation (Signed)
Overview
There are 4 versions of defwatch.exe in the wild, the latest version being 10.2.0.276. It is started as a Windows Service called 'Symantec AntiVirus Definition Watcher' with the name 'DefWatch' and described as “Monitors and maintains virus definitions.”. . In addition, it is run under the context of the SYSTEM account with extensive privileges (the administrator accounts have the same privileges). The average file size is about 27.61 KB. The file is a digitally signed and issued to Symantec Corporation by VeriSign. Numerous variations of defwatch.exe have been installed with both Symantec AntiVirus and Symantec Client Security. During the process's lifecycle, the typical CPU resource utilization is about 0.0007% including both foreground and background operations, the average private memory consumption is about 1.43 MB with the maximum memory reaching around 3.4 MB. Addionally, typically read and write I/O disk operations is about 522.22 KB per minute for reads and 0 Bytes per minute for writes.
 Details
|
| File name: | defwatch.exe |
| Publisher: | Symantec Corporation |
| Product name: | Symantec AntiVirus |
| Description: | Virus Definition Daemon |
| Typical file path: | C:\Program Files\symantec client security\symantec antivirus\defwatch.exe |
| Certificate |
| Issued to: | Symantec Corporation |
| Authority (CA): | VeriSign |
| Effective date: | Monday, November 8, 2004 |
| Expiration date: | Monday, November 21, 2005 |
| Windows Service |
| Service name: | DefWatch |
| Display name: | Symantec AntiVirus Definition Watcher |
| Description: | “Monitors and maintains virus definitions.” |
| Type: | Win32OwnProcess, InteractiveProcess |
Programs installed in
(Note, the programs listed below are for all versions of Symantec AntiVirus.)
Symantec AntiVirus Corporate Edition was the previous offering from Symantec in this market. Symantec Endpoint Protection, developed by Symantec Corporation, is an antivirus and personal firewall prod...
“Antivirus protection alone is not a sufficient defense against today's complex Internet security threats. One breed of threats blend characteristics of viruses, worms,Trojan horses, and malicious code...”
Behaviors
(Note, the behaviors below are for all versions of defwatch.exe, select a unique version for details.)
Service
Runs under 'SYSTEM\CurrentControlSet\Services' by the Service Controller (services.exe)
- 'DefWatch' (Symantec AntiVirus Definition Watcher)
All file variations of defwatch.exe
