If you’re using Pipeline Extensibility in Fast Search for SharePoint, you may know that files are written to a local directory for your program to work on before getting dumped back into the pipeline.  This directory is:

<Fast user’s home directory>\AppData\LocalLow

Assuming you haven’t changed the location of the home directory, this would be:

C:\Users\<your Fast user>\AppData\LocalLow

Want to see proof that this directory is used?

If you want to see the files accumulate here (dev only of course), edit $FASTSEARCH\etc\pipelineextensibility.xml and add a ‘–logging enable’ parameter to the Run command.  Your new command should look something like this:

<Run command="yourbinary.exe" %(input)s %(output)s -logging enable">
Save the file and run ‘psctrl reset’.  This will reset all your item processors and read in the new config.  Start a new crawl and watch the .txt files start showing up in that directory.  When you’re done, change ‘enable’ to ‘disable’ to turn it back off.

My point here is that lots of txt files are writing to this directory.  If you follow the anti-virus configuration settings found on TechNet, you won’t see this directory listed.  If you’re following the recommendations on that page and still see your AV running high, this could be it.  You may want to add your executable to the list of processes to exclude as well.