Should I block it?

No, this file is 100% safe to run.

VersionsAdditional versions

12.0.122.172 5.00%
11.0.6300.541 5.00%
11.0.6200.513 15.00%
11.0.6100.463 5.00%
11.0.6070.422 25.00%
11.0.5002.290 5.00%
11.0.4010.14 5.00%
11.0.4000.2263 5.00%
11.0.3001.2198 5.00%
11.0.777.1008 5.00%
10.2.0.276 5.00%
10.1.9.9000 5.00%
10.1.6.6000 5.00%
10.0.0.846 5.00%

Relationships

Parent process
Related files

PE structurePE file structure

Show functions
Import table
advapi32.dll
RevertToSelf, ImpersonateLoggedOnUser, DuplicateTokenEx, CheckTokenMembership, SetTokenInformation, GetSecurityInfo, MapGenericMask, GetFileSecurityW, AccessCheck, RegCreateKeyW, OpenSCManagerA, QueryServiceConfigA, LsaQueryInformationPolicy, LsaNtStatusToWinError, LsaFreeMemory, LsaClose, LsaOpenPolicy, RegDeleteKeyW, SetNamedSecurityInfoA, GetNamedSecurityInfoA, SetEntriesInAclA, RegQueryValueExW, LookupAccountSidA, StartServiceCtrlDispatcherA, RegisterServiceCtrlHandlerExA, GetUserNameA, SetServiceStatus, SetSecurityDescriptorGroup, SetSecurityDescriptorOwner, RegLoadKeyA, RegUnLoadKeyA, ReportEventA, GetTokenInformation, GetSidIdentifierAuthority, GetSidSubAuthorityCount, GetSidSubAuthority, EqualSid, ControlService, QueryServiceStatus, ChangeServiceConfigA, StartServiceA, OpenServiceA, CloseServiceHandle, GetAce, SetFileSecurityA, ImpersonateSelf, IsValidSid, LookupAccountNameA, DeregisterEventSource, RegisterEventSourceA, CopySid, OpenProcessToken, OpenThreadToken, LookupPrivilegeValueA, AdjustTokenPrivileges, RegEnumValueA, RegEnumKeyA, RegEnumKeyExW, RegOpenKeyW, CryptCreateHash, CryptHashData, CryptGetHashParam, CryptGenRandom, CryptAcquireContextA, CryptDestroyHash, CryptReleaseContext, RegCreateKeyA, RegSetValueA, RegEnumValueW, RegOpenKeyExW, RegDeleteValueW, RegCreateKeyExW, RegSetValueExW, RegQueryValueExA, GetAclInformation, DeleteAce, GetLengthSid, InitializeAcl, AddAccessDeniedAce, AddAccessAllowedAce, InitializeSecurityDescriptor, SetSecurityDescriptorDacl, IsValidSecurityDescriptor, FreeSid, AllocateAndInitializeSid, RegNotifyChangeKeyValue, RegQueryInfoKeyA, RegSetValueExA, RegCreateKeyExA, RegDeleteValueA, RegDeleteKeyA, RegOpenKeyExA, RegEnumKeyExA, RegOpenKeyA, RegCloseKey, RegFlushKey, RegisterServiceCtrlHandlerA, CreateServiceA
crypt32.dll
CryptProtectData, CryptUnprotectData
i2ldvp3.dll
VEGetCurrentDefPath, VELoadPatternFile, VEInit, VEGetInfo, VEDeInit, VEFreePatternFiles, VEGetSignatureVirusCount, VEDecomposerInit, VEEnumSignatures, VEGetScanner
iphlpapi.dll
NotifyRouteChange, NotifyAddrChange
kernel32.dll
DllMain
mpr.dll
WNetGetUniversalNameW
msvcp71.dll
DllMain
msvcp80.dll
DllMain
msvcr71.dll
DllMain
msvcr80.dll
DllMain
navlu.dll
_DoLiveUpdate@12
netapi32.dll
NetApiBufferFree, NetMessageBufferSend, NetSessionEnum, NetWkstaGetInfo, Netbios
ole32.dll
CoInitializeEx, CoUninitialize, CoTaskMemAlloc, CoTaskMemRealloc, CoTaskMemFree, CoCreateGuid, OleRun, CoCreateInstance, CoDisconnectObject, CoInitialize, StringFromGUID2, CoRevokeClassObject, CoRegisterClassObject, CoSuspendClassObjects, CoResumeClassObjects, CoInitializeSecurity, CoFreeUnusedLibraries, StringFromCLSID, CreateBindCtx, CLSIDFromString, OleSaveToStream, GetHGlobalFromStream, CreateStreamOnHGlobal, OleLoadFromStream
pdh.dll
PdhCloseQuery, PdhRemoveCounter, PdhCollectQueryData, PdhAddCounterA, PdhValidatePathA, PdhOpenQueryA, PdhEnumObjectItemsA, PdhGetFormattedCounterValue
psapi.dll
EnumProcessModules, GetModuleBaseNameA, EnumProcesses, GetProcessMemoryInfo, GetModuleInformation
rpcrt4.dll
RpcStringFreeA, UuidToStringA, UuidCreate
secur32.dll
LsaFreeReturnBuffer, LsaGetLogonSessionData
shell32.dll
SHGetFolderPathA, SHGetSpecialFolderPathA, SHGetMalloc, SHGetPathFromIDListA, SHGetSpecialFolderLocation, SHGetDesktopFolder, SHCreateDirectoryExA
shlwapi.dll
SHDeleteKeyA, PathAddBackslashA, PathRemoveBackslashA
urlmon.dll
MkParseDisplayNameEx
user32.dll
CharUpperA, CharNextA, LoadStringA, DispatchMessageA, TranslateMessage, UnregisterClassA, PeekMessageA, PostThreadMessageA, SendMessageTimeoutA, SendMessageA, CharUpperW, wsprintfA, CharNextW, MessageBoxA, GetSystemMetrics, MsgWaitForMultipleObjects, CharPrevA, FindWindowA, IsWindow, DestroyWindow, DefWindowProcA, PostQuitMessage, GetMessageA, ShowWindow, CreateWindowExA, RegisterClassA, LoadCursorA, MsgWaitForMultipleObjectsEx, IsWindowUnicode, GetMessageW, DispatchMessageW, CharToOemA, GetSystemMenu, EnableMenuItem, PostMessageA, IsCharAlphaNumericA
userenv.dll
GetProfilesDirectoryA
version.dll
VerQueryValueW, GetFileVersionInfoW, GetFileVersionInfoSizeW, GetFileVersionInfoSizeA, GetFileVersionInfoA, VerQueryValueA
wtsapi32.dll
WTSFreeMemory, WTSQuerySessionInformationA, WTSEnumerateSessionsA, WTSSendMessageA
Export table
SymSVM_ClientDataStruct
SymSVM_ScanControlStruct
SymSVM_VMEnvironmentInfo

RTVScan.exe

Symantec AntiVirus by Symantec Corporation (Signed)

Remove RTVScan.exe
Version:   10.2.0.276
MD5:   a548acf535d81a96e1b38f76a2de658f
SHA1:   123c9692816682e2a46f2d8ff5d637f04fff5ca1
SHA256:   bdbf1bc0e31c887dc0455e7b6666ab5a5daa473bf2f6d9fc76b277852e179903

Overview

rtvscan.exe runs as a service under the name Symantec Endpoint Protection (Symantec AntiVirus) with extensive SYSTEM privileges (full administrator access). This is typically installed with the program Symantec AntiVirus published by Symantec Corporation. The file is digitally signed by Symantec Corporation which was issued by the VeriSign certificate authority (CA).

DetailsDetails

File name:rtvscan.exe
Publisher:Symantec Corporation
Product name:Symantec AntiVirus
Typical file path:C:\Program Files\symantec client security\symantec antivirus\rtvscan.exe
File version:10.2.0.276
Size:1.87 MB (1,962,136 bytes)
Certificate
Issued to:Symantec Corporation
Authority (CA):VeriSign
Effective date:Tuesday, October 30, 2007
Expiration date:Wednesday, November 24, 2010
Digital DNA
PE subsystem:Windows Console
File packed:No
Code language:Microsoft Visual C++ 8.0
.NET CLR:No
More details

ResourcesPrograms

The following program will install this file
Symantec Corporation
9% remove
Symantec AntiVirus Corporate Edition was the previous offering from Symantec in this market. Symantec Endpoint Protection, developed by Symantec Corporation, is an antivirus and personal firewall product leveled at centrally managed corporate environments security for servers and workstations.

BehaviorsBehaviors

Services
Runs under 'SYSTEM\CurrentControlSet\Services' by the Service Controller (services.exe)
  • 'Symantec AntiVirus'

ResourcesResource utilization

(Note: statistics below are averages based on a minimum sample size of 200 unique participants)
Averages
 
CPU
Total CPU:0.00205005%
0.028634%
Kernel CPU:0.00049347%
0.013761%
User CPU:0.00155658%
0.014873%
Kernel CPU time:791,362 ms/min
100,923,805ms/min
CPU cycles:15,623,477/sec
17,470,203/sec
Memory
Private memory:95.84 MB
21.59 MB
Private (maximum):456.89 MB
Private (minimum):12.54 MB
Non-paged memory:95.84 MB
21.59 MB
Virtual memory:688.39 MB
140.96 MB
Virtual memory (peak):716.58 MB
169.69 MB
Working set:25.24 MB
18.61 MB
Working set (peak):467.39 MB
37.95 MB
Page faults:6,768,738/min
2,039/min
I/O
I/O read transfer:123.07 MB/sec
1.02 MB/min
I/O read operations:41,612/sec
343/min
I/O write transfer:9.37 MB/sec
274.99 KB/min
I/O write operations:2,310/sec
227/min
I/O other transfer:984.35 KB/sec
448.09 KB/min
I/O other operations:12,408/sec
1,671/min
Resource allocations
Threads:50
12
Handles:709
600

BehaviorsProcess properties

Integrety level:Undefined
Platform:32-bit
Command line:"C:\Program Files\symantec antivirus\rtvscan.exe"
Owner:SYSTEM
Windows Service
Service name:Symantec AntiVirus
Display name:Symantec Endpoint Protection
Description:“Provides real-time virus scanning, reporting, and management functionality for Symantec AntiVirus.”
Type:Win32OwnProcess, InteractiveProcess
Parent process:services.exe (Services and Controller app by Microsoft)

ResourcesThreads

Averages
 
msvcr71.dll (Microsoft Visual Studio .NET by Microsoft)
Total CPU:0.12307815%
0.272967%
Kernel CPU:0.04561502%
0.107585%
User CPU:0.07746313%
0.165382%
CPU cycles:2,767,322/sec
5,741,424/sec
Memory:344 KB
1.16 MB
ADVAPI32.dll
Total CPU:0.04285415%
Kernel CPU:0.01816585%
User CPU:0.02468830%
CPU cycles:875,755/sec
Memory:764 KB
srtsp32.dll (AutoProtect by Symantec)
Total CPU:0.01202788%
Kernel CPU:0.00341332%
User CPU:0.00861456%
CPU cycles:284,382/sec
Memory:732 KB
cceraser.dll (ERASER ENGINE by Symantec)
Total CPU:0.00048856%
Kernel CPU:0.00032571%
User CPU:0.00016285%
CPU cycles:10,044/sec
Memory:2.9 MB
Rtvscan.exe (main module)
Total CPU:0.00043121%
Kernel CPU:0.00043121%
User CPU:0.00000000%
CPU cycles:8,905/sec
Memory:2.56 MB

Common loaded modules

These are modules that are typiclaly loaded within the context of this process.

Windows OS versionsDistribution by Windows OS

OS versiondistribution
Microsoft Windows XP 47.37%
Windows 7 Home Premium 26.32%
Windows 7 Enterprise 10.53%
Windows Vista Home Premium 5.26%
Windows Vista Ultimate 5.26%
Windows 7 Professional 5.26%

Distribution by countryDistribution by country

United States installs about 57.89% of Symantec AntiVirus.

OEM distributionDistribution by PC manufacturer

PC Manufacturerdistribution
Dell 47.62%
Hewlett-Packard 23.81%
Lenovo 19.05%
Intel 9.52%
Should I remove It? Clean your PC of unwanted adware, toolbars and bloatware.

Download it for FREE