There is no documentation like that. If a file is executable, it's supposed to be scanned. (and yes, it's a complete pain - I had a db2cc that had a start time of 12 *minutes* due to the AV scanning every single JAR).
The only sane way around this is to use an AV that can fingerprint a file (i.e. the file has a hash of xxx, and has been scanned); then, as long as the hash doesn't change, you don't need to scan it on every run. (I'm not aware of any product that works like this - but then again, it's not my area.)
Alternatively, if you can mount the binaries from a Read-Only filesystem, you can exclude them from the runtime scans (provided you still scan them daily/weekly).
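
The fingerprinting idea from the reply above, sketched as an added example that is not part of the original post or any product's code: verdicts are cached per content hash and, as an assumption added here, per signature version, since a verdict from old definitions says nothing about newer ones. `ScanCache`, `toy_scanner`, `sig_version` and the marker string are hypothetical names constructed for the illustration.

```python
import hashlib
import os
import tempfile

def sha256_file(path, chunk=1 << 20):
    """Stream the file so large JARs are never held in memory whole."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

class ScanCache:
    """Cache verdicts keyed by (content hash, signature version).
    scanner: hypothetical callable(path) -> bool (True = clean) standing in
    for a real AV engine. sig_version: assumed id of the loaded definitions.
    """
    def __init__(self, scanner, sig_version):
        self.scanner, self.sig_version = scanner, sig_version
        self.verdicts = {}  # (sha256, sig_version) -> bool
        self.scans = 0      # real scans performed, for the demo

    def is_clean(self, path):
        key = (sha256_file(path), self.sig_version)
        if key not in self.verdicts:  # new content or new definitions
            self.scans += 1
            self.verdicts[key] = self.scanner(path)
        return self.verdicts[key]

def toy_scanner(path):
    """Constructed stand-in: flags a made-up marker, nothing real."""
    with open(path, "rb") as f:
        return b"CONSTRUCTED-BAD-MARKER" not in f.read()

def demo():
    cache = ScanCache(toy_scanner, sig_version="defs-1")
    with tempfile.TemporaryDirectory() as d:
        jar = os.path.join(d, "app.jar")  # constructed sample file
        with open(jar, "wb") as f:
            f.write(b"original bytes")
        first = [cache.is_clean(jar) for _ in range(3)]  # 1 scan + 2 hits
        after_repeat = cache.scans
        with open(jar, "ab") as f:
            f.write(b" CONSTRUCTED-BAD-MARKER")  # content changes
        changed = cache.is_clean(jar)            # new hash forces a rescan
        after_change = cache.scans
        cache.sig_version = "defs-2"             # definitions updated
        cache.is_clean(jar)                      # old verdict not reused
        return first, after_repeat, changed, after_change, cache.scans
```

Hashing still reads every byte on each run, so what the cache saves is the scan itself, not the file I/O.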