NIS 2012 Settings

With everything that's going on, I'm taking another look at all my NIS settings.

 

NIS 2012 19.7.1.5

 

From the main UI:

Settings -> Computer tab -> Real Time protection

 

Current setting:

Auto-Protect -> Caching is set to on.

 

When you click the "?" next to Auto-Protect it goes to a help webpage that says:

 

"Caching:  Improves the performance of your computer.  If you turn on this option, NIS keeps a record of the files that are accessed often.  NIS does not scan those recorded files, even when you restart your computer."

 

It doesn't say whether those often accessed files are system files, user created files, or both.

 

Could malware: 1) create a file which allows itself to regenerate if/when needed, 2) access that file many times so that it gets on NIS' often accessed list, and 3) avoid having that malware file scanned?