Additional Predfined Path Variables should be added to the custom exclusions. My suggestions:
PROGRAM_FILES_X86 = C:\Program Files (x86) or even better 1 variable that automatically includes both paths
The COMMON_ set of variable need to include the C:\Users path for Win Vista+ operating systems
USER_PROFILE = the path for the current logged in user's profile (C:\Users\username)
There can be other user-based variables, especially for folders that can be redirected
I'm sure there are more your programmers can think of. The list just needs to be updated/modernized. I've run into a couple instances where an application pushes an executable to the user's roaming folder in their profile then quarantined by SEP and have had no way of excluding the file universally for all users.
I reference the admins guide page 41 for the existing set of variables. http://help.elasticbeanstalk.com/Content/SEPSBE2013/EN_US/SEPSBE2013/docs/AdministratorGuide.pdf
Thank you