But that just looks at the process name, not the path...
You can enter exception file names with full path and will work.
So if a piece of malware dropped a rogue executable called "winlogon.exe, say in c:\program files\stuff\, and that executable was called by another one (or added to autorun), once that executable is started, could it not stop Virusscan services?
Virusscan services normally cannot be stopped other than other VirusScan - related processes, this cannot be excluded, since this is not regulated by an AP rule but by a checkbox "Prevent McAfee services from being stopped".
The other two scenarios that you mentioned are really regulated by AP rules.
Isn't the large amount of exceptions that are there by default a security risk? Are there any processes that, even though they are included in the defaults, that should be removed?
I think you (and we) can remove exceptions that we think we do not need and create a so configured custom Virusscan install package. In my opinon they are there by default to allow for excluding the most commonly found program names that are legitim and could be hindered by the respective AP rule. Obviously, whichever is not needed by any user, they can remove them from the list.
I think a further seurity measure could be to add their full path (or short path) to them so they are never mistaken with another same named process, but it's at the user's discretion.