Disable or Modify Tools × Avast Software Avast Free Antivirus

A publicly-reported instance of Disable or Modify Tools bypassing Avast Software Avast Free Antivirus, recorded with its original source. Factual record; no assessment of any specific deployment.

Product

Avast Software Avast Free Antivirus

Technique

Disable or Modify Tools

MITRE ATT&CK

T1562.001

Confidence

High

Severity

High

Status

unknown

Disclosed

2025-11-11

Config / version noted

Yes

Provenance

nvd.nist.gov
disclosed 2025-11-11 · original source · via nvd

Reported as

A vulnerability in the MiniFilter driver of Avast Free Antivirus before version 25.9 on Windows allows a local attacker with administrative privileges to disable real-time protection and self-defense mechanisms.

Mechanism

A collision in the MiniFilter driver can be exploited by a local admin to disable Avast's real-time scanning and self-defense features, effectively turning off the antivirus protection.

Detection & mitigation

Monitor for unexpected termination or modification of Avast processes and services (e.g., AvastSvc.exe, aswidsagent.exe) via Windows Event ID 4688 (process creation) and 7034/7036 (service stop/start). Mitigation: apply vendor patch to version 25.9 and enforce least privilege to limit local admin access.

Disable or Modify Tools has also been recorded against

Carbon Black Check Point CrowdStrike EasyAntiCheat Forcepoint Kaspersky Malwarebytes Microsoft multiple commercial EDR/AV vendors Palo Alto Palo Alto Networks Riot Games

This is a record of a publicly-reported event, not an assessment of any specific organization's deployment. Detection and mitigation notes are drawn from the cited source. Where the source is silent, fields are omitted.