As I said, when extracted from the zip file and or when executed as avast hooks executable files before they are allowed to run.

I don’t know the circumstances surrounding your download, generally I would expect them to be scanned by the web shield, but using https bypasses the web shield scan. So I don’t know at what point the file system shield cuts in with the saving of the downloaded file using https. But it should certainly be scanned when you try to execute it.