just blindly I assume that some of the development occurs in Java. Then I would exclude Java archive files from OAS scanning. In any other cases where similar compressed files are being created by the minute by the compiler, an appropriate exclusion rule could be set up.
For any other files I would experiment with excluding directories the files are written to. For efficient exclusion definitions please search teh McAfee KB or you can find some threads here having that topic, also.
You have few options here:
- One option is: You can use low risk process option to specify the process and exclude affected java file types. Then create a regular ODS only for those excluded file types.
- Another option is: giving them a specific folder for storing their projects and excluding that folder.
Even you can combine both the above options.