I need to kill the AvastUI.exe process for testing purposes. Don’t worry, I’m not ridding myself of Avast, I just need Avast to unload completely while I test something.
I go to services, and stop the Avast service. That part works.
When I try to kill the process from the task manager, it says access denied. Okay, so I elevate it and try again. Still access denied? How come? I’m a frickin administrator!
So I open up an elevated Process Explorer. Try to kill AvastUI.exe… Still access denied. Grmbl!
Next, I try the taskkill command.
taskkill /im AvastUI.exe
SUCCESS: Sent termination signal to the process "AvastUI.exe" with PID 3168.
Have you stopped avast! service? If so, you need to start it again (for the settings to be changed). The UI process itself doesn’t have rights to do so (as it runs under a possibly restricted user account).
Then I found a bug: the UI should try to start the service when needed, and properly elevate if it can’t.
Other than that, starting the service does indeed persist the option. I managed to kill AvastUI.exe.
(and I do wonder how Avast pulls off this self-defense thing… I certainly hope malware isn’t going to use the same technique to prevent themselves from being killed).
I believe UI told you about the problems - and offered you the option to [attempt to] start the avast! service from the red pane.
Self-defense is a kernel-mode driver thing, of course… generally, if you allow anyone to load a driver, they can do whatever they want (e.g. “hide” - i.e. become a rootkit).