Just something I ran into.
I just moved to a new server (Win2016) and noticed a lot of drive activity from msmpeng.exe in the spool and log directories.
msmpeng.exe scans for malware as part of Windows Defender.
I excluded the complete SmarterMail directory containing domains, logs and spool.
Maybe it's something you want to do too, or want to do partially.
Just open Windows Defender and go to Settings; you'll find how to exclude files and/or folders.
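
The same exclusion can be scripted with the Defender PowerShell cmdlets. This is an added example, not part of the original post; it covers the partial case (only the spool and log folders), and the root path and subfolder names are assumed placeholders to replace with the ones on your server.

```powershell
#Requires -RunAsAdministrator
# Added example: partial Windows Defender exclusion for a SmarterMail install.
# Dry run by default; pass -Apply to actually change the Defender configuration.
param(
    # Assumption: placeholder path, the post does not give the install location.
    [string]$SmarterMailRoot = 'C:\SmarterMail',
    # Assumption: folder names for the spool and log directories the post mentions.
    [string[]]$SubFolders = @('Spool', 'Logs'),
    [switch]$Apply
)

# Paths Defender already skips (the property is $null when nothing is excluded).
$existing = @((Get-MpPreference).ExclusionPath)

foreach ($name in $SubFolders) {
    $path = Join-Path -Path $SmarterMailRoot -ChildPath $name

    # Do not register exclusions for folders that are not there: a stale entry
    # would silently exempt whatever is created at that path later.
    if (-not (Test-Path -LiteralPath $path -PathType Container)) {
        Write-Warning "Skipping '$path': folder not found."
        continue
    }

    # -contains is case-insensitive, which matches Windows path semantics.
    if ($existing -contains $path) {
        Write-Output "Already excluded: $path"
        continue
    }

    if ($Apply) {
        Add-MpPreference -ExclusionPath $path
        Write-Output "Excluded: $path"
    }
    else {
        Write-Output "Would exclude: $path (re-run with -Apply)"
    }
}

# Show the resulting exclusion list so it can be reviewed and recorded.
Write-Output 'Current Defender path exclusions:'
(Get-MpPreference).ExclusionPath | Sort-Object | ForEach-Object { "  $_" }
```

An entry added this way can be taken out again with `Remove-MpPreference -ExclusionPath <path>`.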