This article includes information about folders that need to be excluded from antivirus scanning in ASP.net applications:
1. The physical file folders for the web sites content, no matter it is a local folder or a network share.
The default location is mentioned below, however please note that your content may reside in a different directory as well. Please check the path to which your website and the virtual directories under it points to, in order to identify the correct path.
2. .Net Framework config directory
3. ASP.net temp file directory
C:\Windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\Temporary ASP.NET Files
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files
4. IIS config folder
In case you are running IIS in shared configuration and your server happens to host the configuration on a different location, ensure to exclude it from the scan. More information about shared config can be found here.
5. IIS Temporary Compressed Files
%SystemDrive%\inetpub\temp\IIS Temporary Compressed Files
Author: Amol Mehrotra