I don't agree that disabling SONAR, or any other important protection is a sound approach. Development systems are as much or even more at risk than production systems at being infected and even becoming a source of malware distribution. Additionally, you want to have developed the appropriate exceptions for your internal software for when you take it to production.
My recommendations is:
Create a subgroup of Boston ("Developers"), disable inheritance of this subgroup and create an alternate Centralized Exceptions Policy where specific applications are set to Ignore, and apply this policy to the group. Don't make execeptions for the folders themselves, as this is also not best practice. In this manner you will develop a solid policy that can be applied to your production environment.
Alternately a new AV/AS policy can be created from a copy of the production policy, and SONAR set to Log mode for a very limited time in order to allow the developers to do their job while the SEP administrators do theirs and create an appropiate exceptions policy.