When I administered SQL boxes in the past, I turned off the real-time scan on the SQL-only boxes and disabled scanning for the MSSQL/Data folder during regular nightly scans.
Seemed a good trade-off for performance. Granted the SQL boxes were behind firewall and had not direct file access by regular (non-admin) clients.