Endpoint Protection

  • 1.  Symantec/Defwatch.dwh

    Posted May 31, 2016 10:36 AM

    Hi Guys, 

    I have a question that I hope you will be able to answer for me. I work for a worldwide organization and am in charge of monitoring SEPM and all of the client workstations/servers on it. The version of Symantec that we are currently running is mostly 12.1.6 MP3, though some machines have been upgraded to the new MP4 version. The OS for virtually all machines that we are currently using is Windows 7 Professional. A month or so ago, I started receiving reports stating that various .exe files in the Symantec/Defwatch.dwh folder were being quarantined on a single machine, and through some research, I came across an article stating that it was a false positive, but this morning, when I pulled a risk report to get more information on any other alerts that came in, I found that in the last few days alone, these .exe files in that folder got flagged 1,769 times on multiple machines. Is this something that I need to be concerned about? I have been told that because it has been labelled as a false positive in the past, I do not have to worry about it, but I wanted to make sure that this is still the case. What do you guys think?

     

    Here is an example of a .exe file that was flagged: C:\ProgramData\Symantec\DefWatch.DWH\dwhde1c.exe



  • 2.  RE: Symantec/Defwatch.dwh
    Best Answer

    Posted May 31, 2016 10:38 AM

    This has been a known issue (false positive) since SEP has been around. There are some workarounds and an explanation in this KB article:

    http://www.symantec.com/docs/TECH102953



  • 3.  RE: Symantec/Defwatch.dwh

    Posted May 31, 2016 10:52 AM

    Great, thanks! I just wanted to be sure that that was the case.