
Sudden increase in quarantined viruses and trojans?

Created: 22 Jan 2013 | 8 comments



Can anyone please assist me with what to do, because from what I have read, the DefWatch Wizard (defwatch.exe and Dwhwizrd.exe) most likely generates the DWH files. After virus definitions are downloaded, DefWatch is supposed to detect out-of-date virus definitions. During the process, quarantined threats are pulled out of the holding area and placed in a temp folder for scanning by Auto protection and DefWatch. When that occurs, the Symantec scanning engine detects those versions of the previously quarantined files and the cycle keeps repeating itself?


FYI: I'm using SEP 12.1 RU2 already.


John Santana's picture

Here's the screenshot that I got when I go to the C:\ProgramData\Symantec\DefWatch.DWH directory to delete the files?

Suddenly the files are gone?

Kind regards,

John Santana
IT Professional


Please be nice to me as I'm newbie in this forum.

Ashish-Sharma's picture



If still not fixed in SEP 12.1 RU2


You can create a Case with Symantec Technical Support Team.

How to create a new case in MySymantec (formerly MySupport)

Regional Support Telephone Numbers:

United States: 800-342-0652 (407-357-7600 from outside the United States)

Australia: 1300 365510 (+61 2 8220 7111 from outside Australia)

United Kingdom: +44 (0) 870 606 6000

Additional contact numbers:

Check this thread one of problem not fixed


Thanks In Advance

Ashish Sharma



_Brian's picture

Looks like the DWH temp file issue again

You can open a case

Or there is a workaround, not a fix

Open up your AV policy

Select the Quarantine tab

On the General tab under "When New Definitions Arrive" set it to "Do Nothing"

This should stop the alerts

John Santana's picture

Thanks Brian,

but then the DWH temp. will still be reported in the SEPM monitoring console?

Kind regards,

John Santana
IT Professional


Please be nice to me as I'm newbie in this forum.

_Brian's picture

No, that is the workaround. It should stop showing up

Mithun Sanghavi's picture


Check this Article:

tmp file (DWH*****.tmp) detected as Trojan.Gen or Trojan.Gen.2 by Corp products

Hope that helps!!

Mithun Sanghavi
Senior Consultant

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

cus000's picture

Hah!?? Doesn't sound or look too good...


Try the steps provided by Brian... I remember it's somewhere from the KB

jim shock's picture

You can also exclude the DefWatch.DWH folder from these detections - SEP main UI - Change Settings - Exceptions.