Avast Antivirus inbound 'rules' in Windows Defender Firewall setting

Someone on the WindowsHelp subreddit (I know I know, like saying “my friend’s cousin’s neighbour’s coworker”, so take with a grain of salt I guess) said that it’s likely Avast is acting as a “service hooked deep into Windows” if it’s able to function without TCP/UDP connections allowed. Does that mean it’s basically being treated like a Windows service/process instead of a third party app? For example, Avast is recognized by Windows Security as the core antivirus software that overrides the Windows Defender Antivirus, so maybe it’s being treated as “part of Windows” that connection through the firewall through TCP/UDP isn’t necessary for that reason?

I admit this is all just speculation and banter on my end, but one piece of information leads to another set of questions, etc.

Or it’s also possible it unblocks itself when it needs to and then puts the block back on when it’s done doing what it had to do.

But yes it’s possible it’s using WSUS to get through the firewall.