Exclusion by path a good policy for antivirus programs?

I have noticed that most antivirus programs (maybe all of them?) have the ability for the user to set exclusions from being scanned and that it seems that the excluded program/file/etc is almost always by path (as opposed to md5 hash, etc). I'm wondering if this is the best policy for exclusions. What if an excluded program is auto updated and the update includes some sort of adware/spyware or worse? Because of the exclusion, will the updated program be able to do whatever it likes as the antivirus program will ignore it? I understand that exclusions are needed in many cases. But is exclusion by path the best policy?

 

It is the risk on the part of the user albeit a small one. An educated risk to allow a prog to function better until AV evolve further. If malware is able to bypass the AV and execute it is irrelevant what other folders are excluded.

 

Some AVs have more advanced options and can exclude files by Threat/signature, e.g. if the file is infected by other threat different to the exclusion, it will be blocked.

 

In order to collect (and then recheck) excluded file MD5 hash, this hash must be gathered at every program start. This might create additional problems like slow program start-up (especially when there are multiple files in a directory excluded by hash).

 

A very good point. Also, most programs that would auto update would likely download the update to a temp folder first before it was applied, so I doubt the update itself would bypass your AV.