If you want to lower impact, you can run discoveries and just rely on applied Tagging. The on-access scans will certainly lag you down, but you end up with a blind-spot too (but you also do on-access scans for items that do NOT have tags, only). We don't run VDI and we still get issues on file shares, and McAfee can't seem to tell us why.
Additionally, ensure that your rules are not to broad. For example, you may wish to consider excluding some temp folders, IE cookies folder, *.tmp files, etc from the scans - but that depends on your environment and how risky you wish to play.
For intalling on clients without AV, I suggest using queries in EPO, maybe tagging the systems without AV for an install task of DLP?