Windows – How to monitor Windows Defender real-time protection

Tags: windows 10, windows-defender

I love how Microsoft made third-party antivirus protection obsolete with Defender – it just works.

Unfortunately for me, as a developer, this sometimes means it works a bit too well and slows down processes I know are secure – for example, Gradle builds in Android Studio. I know I can exclude some files and processes from the scanning – but I don't actually know which ones to exclude. The UI of Android Studio? OpenJDK? My Android Emulator?

Some other antivirus products, like Avira, offered a view of the files and programs they scanned, even offering direct "exclude from scan" buttons.

Is there a way to monitor what real-time protection is scanning, i.e. which files or processes are causing it to spin up and max out my CPU?

Best Answer

You can do this using ProcMon from SysInternals: https://docs.microsoft.com/en-us/sysinternals/downloads/procmon

  1. Run ProcMon as administrator.
  2. Open the Filter (Filter > Filter...).
  3. Create a Filter where Process Name - is - MsMpEng.exe then Include.
  4. Click Add and OK.

Your list should now be filtered, and you can view and log the files the engine touches as it touches them.

Another tool that can add information to this process is Process Explorer, also from SysInternals: https://docs.microsoft.com/en-us/sysinternals/downloads/process-explorer

Run ProcExp while you are running ProcMon, and as you find entries in the ProcMon log that you suspect may be causing the slowness, find them in ProcExp's list of processes.

ProcExp shows applications in a hierarchical view ("tree view") that lists processes as parents and children. It also allows you to search for individual threads and in-use files and identify the process(es) that are using them.

However, I think you're complicating the problem.

What you want to do first is identify and whitelist not each individual file being run in the SDKs and emulators, but the executables in the SDK and the emulators themselves that are running the files.

Do this first, and only proceed to whitelisting the individual files if the first step doesn't solve the problem.
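To turn the ProcMon capture described above into a short list of exclusion candidates, here is an added example (not part of the original answer) that aggregates a ProcMon CSV export (File > Save..., CSV format) filtered on MsMpEng.exe by directory prefix and file extension. The column names are ProcMon's default export columns; the sample rows, paths and PIDs are constructed for illustration.

```python
import csv
import io
from collections import Counter
from pathlib import PureWindowsPath

# Constructed sample of a ProcMon CSV export with the default column set.
# Paths and PIDs are made up; in a real capture the "Process Name is
# MsMpEng.exe" filter from the answer would already have removed the java.exe row.
SAMPLE_CSV = r"""
"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:01:02.1","MsMpEng.exe","3120","CreateFile","C:\Users\dev\app\build\intermediates\classes\A.class","SUCCESS",""
"10:01:02.2","MsMpEng.exe","3120","ReadFile","C:\Users\dev\app\build\intermediates\dex\classes.dex","SUCCESS",""
"10:01:02.3","MsMpEng.exe","3120","CreateFile","C:\Users\dev\app\build\tmp\kotlin-classes.jar","SUCCESS",""
"10:01:02.4","MsMpEng.exe","3120","CreateFile","C:\Users\dev\.gradle\caches\transforms-3\x\lib.jar","SUCCESS",""
"10:01:02.5","MsMpEng.exe","3120","ReadFile","C:\Users\dev\.gradle\caches\jars-9\y\plugin.jar","SUCCESS",""
"10:01:02.6","MsMpEng.exe","3120","CreateFile","C:\Program Files\Android\Android Studio\jbr\bin\java.exe","SUCCESS",""
"10:01:02.7","MsMpEng.exe","3120","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions","SUCCESS",""
"10:01:02.8","java.exe","4410","WriteFile","C:\Users\dev\app\build\tmp\kotlin-classes.jar","SUCCESS",""
""".strip()

def file_events(csv_text, process="MsMpEng.exe"):
    """Rows where the Defender engine touched a file-system path.
    Registry paths (HKLM\\..., HKCU\\...) carry no drive letter and are dropped."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return [r for r in rows
            if r["Process Name"] == process and PureWindowsPath(r["Path"]).drive]

def hot_directories(events, depth=4, top=3):
    """Directory prefixes (first `depth` path components) ranked by scan hits;
    the hottest ones are the folder-level exclusion candidates to examine first."""
    counts = Counter()
    for ev in events:
        parts = PureWindowsPath(ev["Path"]).parts
        counts[str(PureWindowsPath(*parts[:depth]))] += 1
    return counts.most_common(top)

def hot_extensions(events, top=3):
    """File extensions ranked by scan hits (build outputs such as .jar and .dex
    typically dominate during a Gradle build)."""
    return Counter(PureWindowsPath(ev["Path"]).suffix.lower() for ev in events).most_common(top)

if __name__ == "__main__":
    events = file_events(SAMPLE_CSV)
    print(f"{len(events)} file operations by MsMpEng.exe")
    for directory, hits in hot_directories(events):
        print(f"{hits:4d}  {directory}")
    for ext, hits in hot_extensions(events):
        print(f"{hits:4d}  {ext or '(none)'}")
```

Point `file_events` at the text of your own export to see which project, cache or SDK folders the engine spends its time in, which is the folder-level view the answer recommends starting from before touching individual files.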
