You are really pointing at a pickle here about anti-virus scanners. Q: Do you sign your executable's digitally? If so, does that make any difference?

I have developed a "Digital sign" class that also checks that a digitally signed program has not been tampered with when started - else it exits.

So one solution could be to use such a solution together with digitally signed programs and *then also* turn off the scanning for that Programs folder. That way you could still be sure that your program won't be the culprit if a virus is spreading through an organization. Perhaps not bullet proof, but at least manageable?