Hi,
If you want to disable syscheck component for specific folders, you could push an <ignore> setting for syscheck block using agent.conf centralized configuration.
For example, you could ignore something like:
<ignore>/etc/</ignore>
Same way you could totally disable syscheck using <disabled> setting.
When the OS update be done, modify again agent.conf to restore back the configuration.
To prevent alerts for "new file" you could:
/var/ossec/bin/syscheck_control -u AGENT_ID
Remove .cpt files in /var/ossec/queue/syscheck
Restart Manager.
I hope someone could add more ideas for this use case.
Best,
Pedro.