We have few Linux virtual machines which have Microsoft Defender ATP and are running Oracle web logic applications. If we scan the directories, where Oracle web-logic applications are stored it impacts performance so we had to exclude scanning those directories. The project manager wants to exclude scanning permanently but we don't want any suspicious files hiding in the excluded folders. Those directories are used heavily and they change frequently so we cannot schedule scans like 3 a.m. in the morning hoping usage will be low at that time.

1. How do we ensure malware does not hide in the excluded directories of Linux virtual machines?

2. Are there any settings in Microsoft Defender ATP for Linux  which we can change to ensure the directories, where Oracle web-logic applications are stored can be scanned without affecting performance?

3. Any other suggestions for our scenario?