1

I see that Microsoft's Antimalware Service Executable is taking a fair amount of CPU:


How can I know which folder/file is currently being scanned by Microsoft's Antimalware Service Executable?

Destroy666
Franck Dernoncourt

1 Answer

2

You could use Process Monitor and filter to only include actions from the process with the name MsMpEng.exe, then check the Path column to know which files/folders it accesses. Add a filter for Operation as well to only include ReadFile.

Of course, not all the files are scanned by the process. E.g. C:\ProgramData\Microsoft\Windows Defender\Scans\mpenginedb.db-shm is often accessed as it's some kind of internal database. You could filter out (exclude) all the repetitive paths like that for more accurate results.

Destroy666
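The same filters can be applied offline to a saved Process Monitor trace. The following is an added example, not part of the answer above: it assumes the trace was exported as CSV with Process Monitor's default columns, and the sample rows, function names and exclusion prefix are constructed for illustration.

```python
import csv
import io
import ntpath
from collections import Counter

# Constructed sample in the layout of a Process Monitor CSV export with the
# default columns. Every row is made up for this example.
SAMPLE_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:00:01.1","MsMpEng.exe","3120","ReadFile","C:\Users\alice\Downloads\setup.iso","SUCCESS","Offset: 0"
"10:00:01.2","MsMpEng.exe","3120","ReadFile","C:\Users\alice\Downloads\setup.iso","SUCCESS","Offset: 65,536"
"10:00:01.3","MsMpEng.exe","3120","ReadFile","C:\ProgramData\Microsoft\Windows Defender\Scans\mpenginedb.db-shm","SUCCESS",""
"10:00:01.4","MsMpEng.exe","3120","CreateFile","C:\Users\alice\Documents\report.docx","SUCCESS",""
"10:00:01.5","Explorer.EXE","4788","ReadFile","C:\Windows\explorer.exe","SUCCESS",""
"10:00:01.6","MsMpEng.exe","3120","ReadFile","C:\Users\alice\Downloads\tools.zip","SUCCESS",""
"10:00:01.7","MsMpEng.exe","3120","ReadFile","C:\Projects\build\app.dll","SUCCESS",""
'''

# Defender's own data directory (the answer's mpenginedb.db-shm lives here);
# reads under it are bookkeeping, not scan targets. Assumed exclusion list.
EXCLUDED_PREFIXES = ("c:\\programdata\\microsoft\\windows defender\\",)


def scanned_paths(stream, process="MsMpEng.exe", operation="ReadFile",
                  exclude=EXCLUDED_PREFIXES):
    """Count reads per path for one process, mirroring the Procmon filters."""
    counts = Counter()
    for row in csv.DictReader(stream):
        if (row.get("Process Name") or "").lower() != process.lower():
            continue
        if row.get("Operation") != operation:
            continue
        path = row.get("Path") or ""
        if not path or path.lower().startswith(exclude):
            continue
        counts[path] += 1
    return counts


def busiest_folders(counts, top=5):
    """Roll per-file read counts up to their parent folders."""
    folders = Counter()
    for path, reads in counts.items():
        folders[ntpath.dirname(path)] += reads
    return folders.most_common(top)


if __name__ == "__main__":
    for folder, reads in busiest_folders(scanned_paths(io.StringIO(SAMPLE_CSV))):
        print(f"{reads:6d}  {folder}")
```

For a real export, pass `open(path, newline="", encoding="utf-8-sig")` instead of the in-memory sample; that encoding also strips a byte-order mark if the file starts with one.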