This article includes information about folders that need to be excluded from antivirus scanning in ASP.net applications:
1. The physical file folders for the web sites content, no matter it is a local folder or a network share.
The default location is mentioned below, however please note that your content may reside in a different directory as well. Please check the path to which your website and the virtual directories under it points to, in order to identify the correct path.
C:\Windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\Temporary ASP.NET Files
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files
4. IIS config folder
In case you are running IIS in shared configuration and your server happens to host the configuration on a different location, ensure to exclude it from the scan. More information about shared config can be found here.