Romex Software Forum

Recently I noticed an item in my list of running tasks. The executable is named "MpCopyAccelerator.exe", and it resides in the "C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0" folder. The description on it reads: "Microsoft Malware Protection Copy Accelerator Utility".

The file creation date is September 9th, 2021, which is what leads me to believe it was a new addition to MS' Defender suite. Coupled of course with the fact I don't recall seeing it before then (I usually hand-clean services/processes after a fresh boot to suit a demanding application's needs).

I'm wondering what (if any) effect this has on Primocache, and whether or not it is safe to terminate. The last thing we need is yet another accelerator that caches content from a drive competing with Primocache on some level. This is on Windows 10 (not 11).

It seems that this utility comes since around the beginning of September, 'probably' with the release of Windows Defender 4.18.2108.7-0, as well as MpDetoursCopyAccelerator.dll. There are no official documents for these files and seems no one knows what this process is for yet. Indicated by their file name and description, we guess they are introduced to accelerate the processing threatens.

As PrimoCache works in the kernel level, theoretically, this process should have no effects on PrimoCache.

Thanks for taking a peek at the process. I haven't terminated it manually yet (not even sure you can since it's a protected process), and haven't experienced any negative effects on the system or caching while Defender is running. But given MS has it in the W10 OS, it seems fair to assume it'll make it into W11 as well, which I'm sure you want to keep an eye on.

Cheers.

Sure, we will. Many thanks.

Jaga wrote: ↑Mon Oct 04, 2021 6:06 pm ...The last thing we need is yet another accelerator that caches content from a drive competing with Primocache on some level...

Support wrote: ↑Fri Oct 08, 2021 6:28 am ...There are no official documents for these files and seems no one knows what this process is for yet. Indicated by their file name and description, we guess they are introduced to accelerate the processing threatens.

Assuming the description is honest, then it is most likely making copies of critical data/documents that can then be used to recover from a ransomware attack. If so, then it should show read/write traffic in utilities like Process Explorer or Process Hacker - Process Monitor should be able to give specific details on files read/written.