diff --git a/docs/man/clamd.conf.5.in b/docs/man/clamd.conf.5.in index 2c9dd9c68..7473c0486 100644 --- a/docs/man/clamd.conf.5.in +++ b/docs/man/clamd.conf.5.in 
@@ -659,17 +659,21 @@ This option allows excluding directories from on-access scanning. It can be used Default: disabled .TP \fBOnAccessExcludeRootUID BOOL\fR -With this option you can whitelist the root UID (0). Processes run under root with be able to access all files without triggering scans or permission denied events. +With this option you can whitelist the root UID (0). Processes run under root will be able to access all files without triggering scans or permission denied events. +.br +Note that if clamd cannot check the uid of the process that generated an on-access scan event (e.g., because \fBOnAccessPrevention\fR was not enabled, and the process already exited), clamd will perform a scan. Thus, setting \fBOnAccessExcludeRootUID\fR is not \fIguaranteed\fR to prevent every access by the root user from triggering a scan (unless \fBOnAccessPrevention\fR is enabled). .br Default: no .TP \fBOnAccessExcludeUID NUMBER\fR -With this option you can whitelist specific UIDs. Processes with these UIDs will be able to access all files. +With this option you can whitelist specific UIDs. Processes with these UIDs will be able to access all files without triggering scans or permission denied events. .br This option can be used multiple times (one per line). .br Note: using a value of 0 on any line will disable this option entirely. To whitelist the root UID (0) please enable the OnAccessExcludeRootUID option. .br +Also note that if clamd cannot check the uid of the process that generated an on-access scan event (e.g., because \fBOnAccessPrevention\fR was not enabled, and the process already exited), clamd will perform a scan. Thus, setting \fBOnAccessExcludeUID\fR is not \fIguaranteed\fR to prevent every access by the specified uid from triggering a scan (unless \fBOnAccessPrevention\fR is enabled). +.br Default: disabled .TP \fBOnAccessMaxFileSize SIZE\fR diff --git a/etc/clamd.conf.sample b/etc/clamd.conf.sample index 67d8f1b32..036d0f626 100644 
--- a/etc/clamd.conf.sample +++ b/etc/clamd.conf.sample @@ -612,6 +612,11 @@ Example # With this option you can whitelist the root UID (0). Processes run under # root with be able to access all files without triggering scans or # permission denied events. +# Note that if clamd cannot check the uid of the process that generated an +# on-access scan event (e.g., because OnAccessPrevention was not enabled, and +# the process already exited), clamd will perform a scan. Thus, setting +# OnAccessExcludeRootUID is not *guaranteed* to prevent every access by the +# root user from triggering a scan (unless OnAccessPrevention is enabled). # Default: no #OnAccessExcludeRootUID no @@ -621,6 +626,11 @@ Example # This option can be used multiple times (one per line). # Using a value of 0 on any line will disable this option entirely. To whitelist # the root UID (0) please enable the OnAccessExcludeRootUID option. +# Also note that if clamd cannot check the uid of the process that generated an +# on-access scan event (e.g., because OnAccessPrevention was not enabled, and +# the process already exited), clamd will perform a scan. Thus, setting +# OnAccessExcludeUID is not *guaranteed* to prevent every access by the +# specified uid from triggering a scan (unless OnAccessPrevention is enabled). # Default: disabled #OnAccessExcludeUID -1
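Review bot: In the docs/man/clamd.conf.5.in hunk, the notes added under OnAccessExcludeRootUID and OnAccessExcludeUID mix tenses when describing the same setting: "because \fBOnAccessPrevention\fR was not enabled" versus "unless \fBOnAccessPrevention\fR is enabled". Suggest "is not enabled, and the process has already exited", so the condition reads as a current configuration state rather than a past event.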
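Review bot: In the etc/clamd.conf.sample hunk at -612 (OnAccessExcludeRootUID), the unchanged context still reads "# root with be able to access all files without triggering scans or", which is the same typo this patch corrects to "will be able" in the man page. Suggest fixing it in this hunk as well so the sample config and the man page stay in sync.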
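Review bot: In the etc/clamd.conf.sample hunk at -621 (OnAccessExcludeUID), the added comment writes "uid" in lower case ("cannot check the uid of the process", "the specified uid"), while the surrounding context uses "UID" ("the root UID (0)"). Suggest "UID" throughout the added text, and the same in the matching paragraphs of the man page hunk, which have the same lower-case spelling.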