Found a great resource today that lists all the exceptions that Microsoft advises to configure when running Virus Scan Software on Forefront Threat Management Gateway.

In general I have the feeling that fine tuning the Virus Scan Exception policy is something that is not or hardly done. In most cases the products function correct, but a large performance penalty might be introduced that is not needed. If a few exception rules are configured, a lot of wasted resources can be won back.