Hi Gidi,
Thanks for your comment.
We would like to avoid any AV scans for the requests made by the app, also for the read-only ones.
I was also thinking about the dedicated share for the app, but the problem is the app is going to scan all the data on the filers. All the shares. Therefore I would have to create another instance of every share I have in the environment, append something like "-noscan" to the share name, allow access only for the app and disable scanning on those new shares. We have many many thousands of shares so will not work.
One option I have in mind is to utilize "ONTAP_ADMIN$" share.