Microsoft recommend to exclude a set of folders from anit-virus when running asp.net apps on iis, this seems quite dangerous and I wonder if it is still recommended.
I've tried looking for advice from Microsoft beyond these articles and found nothing concrete.
Just because you don't run an antivirus program on said files/folders, it does not mean that they are open to attacks. The web server should be properly configured to prevent unauthorized access as needed. Everything should be locked down except for what users are allowed to access (minimum access policy). IIS and Windows already know how to do this well. You just need to make sure you configure it properly. Check out this article for best practices.
It is however your application's responsibility to enforce certain levels of security. For instance, if you are allowing file uploads, you should exercise care on what extensions you allow, how you save those files locally and where you save them. You can then have your antivirus scan your target upload folder without having to affect other parts that may trigger AppDomain unloads as mentioned in the links you provided.
Lastly, if you are really worried about this, you can always schedule scans of the whole structure every so often at a time that is convenient to you based on usage in order to minimize the impact on performance (e.g. full scan once every 24 hours at 2am).