Defwatch.dwh has 293kb files that are detected (externally) as a suspicious.B.UMH
I'm finding these files in the c:\programdata\Symantec\defwatch.dwh\ folder, and these are DWH####.exe files (not .tmp like a definition update). The client is running 12.1..4013.4013, and I'm not seeing these files on other similar versioned systems. In fact, when I run a scan on the files on the machine itself (with current defintions) it finds nothing, but when I scan the files externally from another system it detects them as the suspicious.B.UMH files. So what is this? A virus that is hiding detection from the client? Or a bogus update of somekine from Symantec that doesn't act like the other systems? Please advise how to track root cause on this and fix. Thanks.