How to evade standard antivirus detection on Windows 11

I am a security researcher working on a legitimate penetration testing project for an authorized client, and I need to understand how to test the effectiveness of their endpoint detection and response system without triggering false positives that would disrupt their operations. Could anyone provide guidance on safe, controlled methods for evaluating antivirus sensitivity to custom-built tools in a lab environment, or point me toward best practices for whitelisting and excluding specific test folders to prevent our authorized assessment tools from being quarantined during the engagement?