DefWatch.exe
Symantec AntiVirus by Symantec Corporation (Signed)
| Version: | 10.0.0.846 |
| MD5: | 4d8897f50541caf68555a7a37cb27510 |
| SHA1: | 18ab9a9d374f4d3aec3473a2748810cca2818a32 |
| SHA256: | bee2fb1bcfc97d568fd112ee04b757eebd00fcc858e50a84b6e8d77b699518df |
Overview
defwatch.exe runs as a service under the name Symantec AntiVirus Definition Watcher (DefWatch) with extensive SYSTEM privileges (full administrator access). This is typically installed with the program Symantec Client Security published by Symantec Corporation. The file is digitally signed by Symantec Corporation which was issued by the VeriSign certificate authority (CA).
Details
| File name: | defwatch.exe |
| Publisher: | Symantec Corporation |
| Product name: | Symantec AntiVirus |
| Description: | Virus Definition Daemon |
| Typical file path: | C:\Program Files\symantec client security\symantec antivirus\defwatch.exe |
| File version: | 10.0.0.846 |
| Size: | 19.19 KB (19,648 bytes) |
| Certificate |
| Issued to: | Symantec Corporation |
| Authority (CA): | VeriSign |
| Effective date: | Monday, November 8, 2004 |
| Expiration date: | Monday, November 21, 2005 |
| Digital DNA |
| PE subsystem: | Windows GUI |
| File packed: | No |
| Code language: | Microsoft Visual C++ 7.1 |
| .NET CLR: | No |
More details
Programs
The following program will install this file
“Antivirus protection alone is not a sufficient defense against today's complex Internet security threats. One breed of threats blend characteristics of viruses, worms,Trojan horses, and malicious code with server and Internet vulnerabilities. By using multiple methods and techniques, blended threats such as CodeRed, Bugbear, and Opaserv can rapidly initiate, transmit, and spread, causing widespread damage.The newest breed of security ri...”
Behaviors
Service
Runs under 'SYSTEM\CurrentControlSet\Services' by the Service Controller (services.exe)
- 'DefWatch' (Symantec AntiVirus Definition Watcher)
Resource utilization
(Note: statistics below are averages based on a minimum sample size of 200 unique participants)
Averages
| CPU |
| Total CPU: | 0.00058815% | |
| Kernel CPU: | 0.00039474% | |
| User CPU: | 0.00019340% | |
| Kernel CPU time: | 1,797 ms/min | |
| Memory |
| Private memory: | 624 KB | |
| Private (maximum): | 1.87 MB | |
| Private (minimum): | 1.87 MB | |
| Non-paged memory: | 624 KB | |
| Virtual memory: | 18.62 MB | |
| Virtual memory (peak): | 20.7 MB | |
| Working set: | 1.87 MB | |
| Working set (peak): | 2.57 MB | |
| Resource allocations |
| Threads: | 3 | |
| Handles: | 29 | |
| GUI GDI count: | 4 | |
| GUI USER count: | 2 | |
Process properties
| Integrety level: | Undefined |
| Platform: | 32-bit |
| Command line: | "C:\Program Files\symantec client security\symantec antivirus\defwatch.exe" |
| Owner: | SYSTEM |
| Windows Service |
| Service name: | DefWatch |
| Display name: | Symantec AntiVirus Definition Watcher |
| Description: | “Monitors and maintains virus definitions.” |
| Type: | Win32OwnProcess, InteractiveProcess |
| Parent process: | services.exe (Services and Controller app by Microsoft) |
Distribution by Windows OS
| OS version | distribution |
| Microsoft Windows XP |
75.00% |
|
| Windows Vista Home Premium |
25.00% |
|
Distribution by country
Turkey installs about 25.00% of Symantec AntiVirus.
Distribution by PC manufacturer
| PC Manufacturer | distribution |
| Hewlett-Packard |
100.00% |
|
