What is the .db File in the VirusDefs Folder?

Article:TECH95798  |  Created: 2009-01-27  |  Updated: 2010-01-19  |  Article URL http://www.symantec.com/docs/TECH95798
Article Type
Technical Solution


Issue



Customer asks about a file in the root of the VirusDefs folder they had not previously been seen.

Symptoms
A file has been created in the VirusDefs folder. The file has the .db extension. It may be seen as Cat.db or umcat_01.db.



Cause



This file is from the core component SymVT. SymVT is designed to verify known trusted files. In order to do so it creates a catalog database for lookups of known signed files. The file is placed one directory up from the dated definitions folder so that definitions refresh wouldn’t result in requiring a re-creation of the entire database. As the file is a database designed to verify known files, it need not be updated continuously and, at present, we are still running with the original release of the database. We expect to update the database on a regular basis beginning in Spring of 2010. The file was first introduced with definitions of August 26th, 2009. The umcat_01.db will only be generated if a user mode scan encountered a detection. The cat.db file is always generated.

Solution









Legacy ID



2009082711190948


Article URL http://www.symantec.com/docs/TECH95798


Terms of use for this information are found in Legal Notices