Hello,
Recently I saw a new FakeAV (“Windows Optimal Settings”) infection and noticed avastUI got blocked by following registry modification:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastui.exe (Security.Hijack) -> No action taken.
(part of MBAM result)
My suggestion is… self-defense module should prevent this kind of modifications. Without avastUI we can’t do anything including manual VPS update, boot-time scan etc…