![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(310.4, 69%, 40%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERK%3C/text%3E%3C/svg%3E)
As already mentioned the file is clearly not malicious, since it's a zero byte file, so lets examine it a bit closer to see whether we can make an educated guess.
"IMpService77BDAF73-B396-481F-9042-AD358843EC24.lock"
Searching for the components of the name online, I could only find the IMpService portion related to an Intel platform file, so this section isn't going to be helpful in explaining its purpose.
However, the "77BDAF73-B396-481F-9042-AD358843EC24" portion can be found is at least several places, most often logs for updates or other technical issues with either "Windows Defender" or "Windows Defender Antivirus" immediately preceding it.
I then did a Find in Regedit on my own Windows 8.1 laptop and the only item I found with this string was contained in the following registry key.
HKEY_USERS\S-1-5-18\Software\Microsoft\TelemetryClient\ThrottleStore\watson\generic\generic\windowsupdatefailure3
So clearly this is the CLSID (Class Identifier) for Windows Defender and is most often seen relating to update or other issues within logs.
The final ".lock" portion is actually quite commonly used to designate some sort of flag file used to tell software that some process is taking place, most often something like an update or other operation that shouldn't be interrupted. In most cases these files are 0 zero) bytes in size, since they only exist during the time in which the operation is taking place and so don't need to contain any actual data.
So from the above it's easy to make a guess that this file is nothing more than a Windows Defender flag file used to lock the operation of some processes that might interfere, most likely during the Windows Update processes required to replace portions of Defender such as signature definitions, engines or possibly the entire anti-malware client itself.
Nothing at all surprising or concerning, including the fact that the file itself is locked and can't be deleted, since that's something the operating system would obviously do when such operations are in process.
The only question might be that if the file never goes away, it's possible this indicates that some process is stuck and unable to complete. If there are other indications of either an update or similar failure occurring with Defender, then this is simply one possible symptom and not likely itself to be the true problem.
Rob
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(89.60000000000001, 81%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERA%3C/text%3E%3C/svg%3E)
