Well, the Web Shield works as a local proxy…so you will see that it looks like Avast! is downloading it simply because it is being picked up by the Web Shield first.
edit:though you are referring to the Network Shield, same thing applies, as it is scanning all network traffic.
Avast isn’t downloading it, it is going through the avast localhost proxy the web shield (controlled by avastSvc.exe) intercepts http traffic and routes it through the localhost proxy so that it can be scanned.
So I would examine your logs or post the content showing this activity.
The traffic is passing through Avast, so Avast can scan it. It is probably Windows Update that is downloading for Windows Defender, which was probably set to update itself before the daily Windows Defender scan.
Well, that’s my guess.
You would probably see the same using other tools besides the firewall.
And that makes comodo firewall think that avast is downloading,
while it is actually defender. What if I wanted comodo to block defender?
I have comodo set on custom policy, which makes it
ask me for my approval for every net connection.
But it didn’t ask me in this case.
Not sure if that was the case because avast was practically disguising defender,
or because I have c:\windows\system32\svchost.exe and system enabled
in comodo and defender was treated by comodo as system.
So I’m a bit confused now… what if some other app decides to download
something, and comodo sees avast - and not the real app?
BTW, this post is tightly connected to comodo firewall,
but I could be using any other firewall - and avast shouldn’t
disguise any app, no matter which firewall used.