This might not be that big a deal ...
Remember, all executables and libraries in any Microsoft designated directories will be digitally signed by MSFT. A minor change to the virus scanner could be to simply scan all directories for files that are not digitally signed by Microsoft.
If any exes were altered by viruses, the sig would become invalid, thus flagging it to the virus scanner.