Cannot kill AvastUI.exe

I need to kill the AvastUI.exe process for testing purposes. Don’t worry, I’m not ridding myself of Avast, I just need Avast to unload completely while I test something.

I go to services, and stop the Avast service. That part works.

When I try to kill the process from the task manager, it says access denied. Okay, so I elevate it and try again. Still access denied? How come? I’m a frickin administrator!
So I open up an elevated Process Explorer. Try to kill AvastUI.exe… Still access denied. Grmbl!

Next, I try the taskkill command.

taskkill /im AvastUI.exe
SUCCESS: Sent termination signal to the process "AvastUI.exe" with PID 3168.

But afterwards the process still runs.

How the heck to I kill this thing?

You need to disable avast! self defense in Settings / Troubleshooting first.

Doesn’t work.

First of all, access is still denied.
Secondly, the option won’t persist. When I come back to Options->Troubleshooting, it’s back on.

/edit
And forcibly terminating also doesn’t work

C:\Windows\system32>taskkill /f /im AvastUI.exe
ERROR: The process "AvastUI.exe" with PID 3168 could not be terminated.
Reason: Access is denied.

Have you stopped avast! service? If so, you need to start it again (for the settings to be changed). The UI process itself doesn’t have rights to do so (as it runs under a possibly restricted user account).

Then I found a bug: the UI should try to start the service when needed, and properly elevate if it can’t.

Other than that, starting the service does indeed persist the option. I managed to kill AvastUI.exe.

(and I do wonder how Avast pulls off this self-defense thing… I certainly hope malware isn’t going to use the same technique to prevent themselves from being killed).

I believe UI told you about the problems - and offered you the option to [attempt to] start the avast! service from the red pane.

Self-defense is a kernel-mode driver thing, of course… generally, if you allow anyone to load a driver, they can do whatever they want (e.g. “hide” - i.e. become a rootkit).