How does Avast protect its root certificate so that it can’t be used by a malicious user to sign fake certificates?
https://www.avast.com/en-us/faq.php?article=AVKB190#artTitle does it help?