Either method should work fine.
The first (full path) method is better in terms of security as you're reducing the risk of malware manifesting itself in all the subfolders of the Exchange Server directory.
It is even better practice to add low-risk processes instead of file/folder path exclusions. This way you can choose not to scan files when touched by specified low-risk processes (in this case the Exchange processes) but High-Risk processes such as explorer would still lead to a scan operation. This reduces the risk of malware being copied into directories that are known to typically be excluded from scanning in AV software.