Looking at the disk activity on our server I can see a lot of MsMpEng.exe processes reading .ccc .cd & .cd.new files located the a X:\System Volume information\ Dedupe\ChunkStore location.Disk activity isn't huge but the MsMpEng.exe process is sat at  25% CPU fairly constantly.

Is there any documentation or advice regarding excluding these file types from Microsoft Forefront Endpoint Protection? I suspect it isn't doing us any favours at the moment

Hi,

I haven't found any document regarding excluding this files. Here is a blog that lists all the AV exclusions you might want to configure for Windows Server.

http://social.technet.microsoft.com/wiki/contents/articles/953.microsoft-anti-virus-exclusion-list.aspx

Best Regards,

Joyce

Thank you for the list. We have excluded those files and seen a big IO improvement for the dedup processing. My assumption is that the AV will just see the original file and will perform the check there. There is no need to check the content of the .ccc and .cd.new files, essentially scanning the same file twice.

Would be good if Microsoft could confirm this though, must be other people out there with the same situation