Avast's challenge

Hi,

Here is a video test from the MalwareTips forum about tampering with Avast’s drivers and protected services:
https://malwaretips.com/threads/avasts-challenge.129933/

New video, where Avast is tampered with but not crushed:
https://youtu.be/tf3eMYnxgxI

Hi AndyFul,

The video is not clear on what actions are being taken; we would need some more information, e.g. the script that’s executed, for us to pass it to engineering.

That being said, there also seems to be a discrepancy in the timing, e.g. between reboots, the system time is not consistent.

Thank you

I decided to submit details only to the AV vendors. I already did it for Kaspersky, Microsoft, Check Point, and Emsisoft.
Anyway, one of the MT members already contacted Avast (without submitting details):
https://malwaretips.com/threads/avasts-challenge.129933/post-1081550
It seems that Avast staff knows the attack method, because no one contacted me. If necessary, the Avast staff can contact me via my email (known to Administrators of this forum).
I posted here two videos. The second video was made several hours later.

I am from the Avast team - we will contact you directly

Wondering if this issue has its underlying reason in a security flaw of the operating system…

In the “Avast’s challenge” video I mentioned that the attack can be dangerous via lateral movement. But, it seems that Avast has a problem with UAC bypass. This can be exploited to dismantle Avast also with standard rights, via simple malware downloaded from the Internet:







In the above example, I used DLL hijacking to apply UAC bypass. The UAC bypass method has been known for a few years.

It seems that someone else finally rediscovered that attack method:
Weaponizing Windows Defender: New Attack Bypasses EDR
The link is blocked by Avast.