Many other antivirus solutions provide this functionality (even the free MSE). Presumably all these security companies could not have thought it was a security hole?
I found the following in the user manual, but it's a bit vague.
Scan files on open.
The extensions of the additional files to be scanned should be separated by a comma. You can use the wildcard "?" (e.g. if you want all .htm and .html opened files to be scanned, enter either "htm”, “html" or use the wildcard - "ht?"; in the latter case, however, all files with extensions starting with "ht", such as "htt", will be scanned).
> Always scan WSH-script files. This option ensures that all script files (Windows Scripting Host) will be
tested.
> Do not scan system libraries.
Trusted system libraries will not be scanned on opening, only a quick check will be performed to validate the authenticity. This option may speed up the system start a little.
Scan created/modified files.
If this box is checked, files will be scanned at the moment they are created
or modified. You can further specify whether this should be applied to:
> All files, or
> Only files with selected extensions
If the “Default extension set” box is checked, only those files with extensions that are generally considered "dangerous" will be scanned – click “Show” to see the list of default extensions. You can also specify additional extensions to be scanned.
The first option seems to indicate that files will be scanned on open (ie on READ which is what NTBACKUP would be doing). The second option which is also selectable says it's only going to check files only on create / modify (ie on WRITE). This would stop it checking files that NTBACKUP is reading, but that means it also wouldn't check an infected .exe as it's not being modified. Doesn't seem to make sense.