DefWatch.exe
Symantec AntiVirus by Symantec Corporation (Signed)
| Version: | 10.2.0.276 |
| MD5: | fb937277e87f8468603f4e2d8cf9db4a |
| SHA1: | f2ffed33534148e25d47ff6423143e69b1c56cfa |
| SHA256: | e529a28c9e061e4dbdb207d18ceec14158c5ff402aa3bc2dd132de54924d3a7d |
Overview
defwatch.exe runs as a service under the name Symantec AntiVirus Definition Watcher (DefWatch) with extensive SYSTEM privileges (full administrator access). This is typically installed with the program Symantec AntiVirus published by Symantec Corporation. The file is digitally signed by Symantec Corporation which was issued by the VeriSign certificate authority (CA).
Details
| File name: | defwatch.exe |
| Publisher: | Symantec Corporation |
| Product name: | Symantec AntiVirus |
| Description: | Virus Definition Daemon |
| Typical file path: | C:\Program Files\symantec client security\symantec antivirus\defwatch.exe |
| File version: | 10.2.0.276 |
| Size: | 30.15 KB (30,872 bytes) |
| Certificate |
| Issued to: | Symantec Corporation |
| Authority (CA): | VeriSign |
| Effective date: | Monday, November 8, 2004 |
| Expiration date: | Monday, November 21, 2005 |
| Digital DNA |
| PE subsystem: | Windows GUI |
| File packed: | No |
| Code language: | Microsoft Visual C++ 7.1 |
| .NET CLR: | No |
More details
Programs
The following program will install this file
Symantec AntiVirus Corporate Edition was the previous offering from Symantec in this market. Symantec Endpoint Protection, developed by Symantec Corporation, is an antivirus and personal firewall product leveled at centrally managed corporate environments security for servers and workstations.
Behaviors
Service
Runs under 'SYSTEM\CurrentControlSet\Services' by the Service Controller (services.exe)
- 'DefWatch' (Symantec AntiVirus Definition Watcher)
Resource utilization
(Note: statistics below are averages based on a minimum sample size of 200 unique participants)
Averages
| CPU |
| Total CPU: | 0.00204174% | |
| Kernel CPU: | 0.00048193% | |
| User CPU: | 0.00155980% | |
| Kernel CPU time: | 1,279 ms/min | |
| CPU cycles: | 124,847/sec | |
| Memory |
| Private memory: | 1.87 MB | |
| Private (maximum): | 5.62 MB | |
| Private (minimum): | 188 KB | |
| Non-paged memory: | 1.87 MB | |
| Virtual memory: | 54.13 MB | |
| Virtual memory (peak): | 59.77 MB | |
| Working set: | 268 KB | |
| Working set (peak): | 6.27 MB | |
| Page faults: | 2,184/min | |
| I/O |
| I/O read transfer: | 522.22 KB/sec | |
| I/O read operations: | 126/sec | |
| I/O write transfer: | 0 Bytes/sec | |
| I/O write operations: | 1/sec | |
| I/O other transfer: | 2.96 KB/sec | |
| I/O other operations: | 1/sec | |
| Resource allocations |
| Threads: | 5 | |
| Handles: | 174 | |
Process properties
| Integrety level: | Undefined |
| Platform: | 32-bit |
| Command line: | "C:\Program Files\symantec antivirus\defwatch.exe" |
| Owner: | SYSTEM |
| Windows Service |
| Service name: | DefWatch |
| Display name: | Symantec AntiVirus Definition Watcher |
| Description: | “Monitors and maintains virus definitions.” |
| Type: | Win32OwnProcess, InteractiveProcess |
| Parent process: | services.exe (Services and Controller app by Microsoft) |
Distribution by Windows OS
| OS version | distribution |
| Microsoft Windows XP |
75.00% |
|
| Windows Vista Home Premium |
25.00% |
|
Distribution by country
Turkey installs about 25.00% of Symantec AntiVirus.
Distribution by PC manufacturer
| PC Manufacturer | distribution |
| Hewlett-Packard |
100.00% |
|
