Microsoft posted recommendations that may help you protect a computer that’s running Windows Server 2008 R2, Windows Server 2008, Windows Server 2003, Microsoft Windows 2000, Windows XP, Windows Vista, or Windows 7 from viruses. “Don’t scan the following files and folders. These files’re not at risk of infection. If you scan these files, serious performance problems may occur because of file locking. Where a specific set of files is identified by name, exclude only those files instead of the whole folder. Sometimes, the whole folder must be excluded. Don’t exclude any one of these based on file name extension. For e.g., don’t exclude all files that’ve a .dit extension. Among the files and folders Microsoft tells users to exclude are those associated with Windows Update and Group Policy, and files with the .edb., .sdb and .chk extensions contained within the “%windir%\security” folder.
More info: KB822158