How to safely operate a developer-friendly loose policy?

What is your company's policy regarding the operation of endpoint protection for software developers?  I like Sophos Endpoint Protection, but the software developer environment is a headache. Our anti-threat policy has been so badly written that exceptions have been added every time a problem arises, and no one knows what the big picture is anymore.

*understands it's a contradiction* We want to know the policies that allow the software we are developing to operate unencumbered by motion detection, yet safely.

Microsoft currently has a compromise called Dev Drive. This is a very loose policy, but very comfortable from a developer's perspective. I would like to achieve the same thing with Sophos Endpoint Protection if possible.

ref. Set up a Dev Drive on Windows 11 | Microsoft Learn,

This is a total loophole in principle, but I would like to find a compromise, because if we try to strictly discipline software developers, the problems are likely to go underground. constructive discussion.