by recentdarkness 3220 days ago
Years ago (~7+), AVG introduced an out-of-process scanning implementation that opens the file in question with system rights but transfers the handle to a lower-privileged process (restricted with ACLs) that performs the actual scan.
1 comments

That's interesting. Unfortunately, AVG was acquired by Avast last year [1]. I already looked into the new version of AVG a few months ago, and found that they have replaced AVG's engine with Avast's engine. Since the scanner always runs as NT AUTHORITY\SYSTEM in the current Avast version, I would assume that the same is true for the most recent AVG version. I'm not completely sure, though, so don't quote me on that.

[1]: https://press.avast.com/avast-announces-agreement-to-acquire...

Well, since I have not been involved with them for a long time, I can't really say how this all went or what the current state is.

However, this piece is relatively simple to implement on Windows, so I can only hope they would eventually implement the same thing for Avast at least. This is IMHO the only sane way to do scanning without exposing the system to a huge risk.
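
The brokered-handle design described in this thread, sketched as an added example that is not code from AVG, Avast or any commenter. It uses the POSIX analogue (passing a file descriptor over a Unix socket with `SCM_RIGHTS`) rather than Windows handle duplication. All names and the signature string are constructed, and the worker's privilege drop is only marked as an assumption in a comment.

```python
import os
import socket

SIGNATURE = b"CONSTRUCTED-TEST-SIGNATURE"  # constructed marker, not a real detection

def _worker(sock):
    """Scanner side: receives an open descriptor, never a path."""
    _, fds, _, _ = socket.recv_fds(sock, 16, 1)
    fd = fds[0]
    try:
        os.write(fd, b"x")      # must fail: the broker opened the file O_RDONLY
        writable = b"1"
    except OSError:
        writable = b"0"
    chunks = []
    while chunk := os.read(fd, 65536):
        chunks.append(chunk)
    os.close(fd)
    verdict = b"INFECTED" if SIGNATURE in b"".join(chunks) else b"CLEAN"
    sock.sendall(verdict + b":" + writable)

def brokered_scan(path):
    """Broker side: open the file, hand over only the handle, collect the verdict."""
    broker, worker = socket.socketpair(socket.AF_UNIX, socket.SOCK_STREAM)
    pid = os.fork()
    if pid == 0:
        broker.close()
        try:
            # Assumption: a real worker drops to an unprivileged, sandboxed
            # account here, before it parses any untrusted bytes.
            _worker(worker)
        finally:
            os._exit(0)
    worker.close()
    fd = os.open(path, os.O_RDONLY)   # the only access right the worker gets
    try:
        socket.send_fds(broker, [b"scan"], [fd])
    finally:
        os.close(fd)
    reply = broker.recv(64)
    broker.close()
    os.waitpid(pid, 0)
    if not reply:
        # Fail closed: a crashed parser must not be read as a clean verdict.
        raise RuntimeError("scan worker exited without a verdict")
    verdict, _, writable = reply.partition(b":")
    return verdict.decode(), writable == b"1"
```

The second element of the return value reports whether the worker managed to write through the handle it was given; with a read-only descriptor it stays `False`, so a compromised parser holds nothing beyond read access to that one file.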