Hello techadvisor-4571,
Thank you for posting here.
Usually, we set up the Microsoft certificate authority PKI in the domain, Windows AD domains can provide some security. Based on my knowledge, there is no anti-virus exceptions we should use.
Would you please tell us in detail what you mean "a list of anti-virus exceptions"?
Also, here are the links we can refer to set up Windows CA.
ADCS Step by Step Guide: Single Tier PKI Hierarchy Deployment
https://social.technet.microsoft.com/wiki/contents/articles/11750.adcs-step-by-step-guide-single-tier-pki-hierarchy-deployment.aspx
AD CS Step by Step Guide: Two Tier PKI Hierarchy Deployment
https://social.technet.microsoft.com/wiki/contents/articles/15037.ad-cs-step-by-step-guide-two-tier-pki-hierarchy-deployment.aspx
Hope the information above is helpful. If anything is unclear, please feel free to let us know.
Best Regards,
Daisy Zhou
============================================
If the Answer is helpful, please click "Accept Answer" and upvote it.