if processes lock the file shouldn't AV refrain from reading or even writing it?
Nope, AV hooks into the filesystem layer (the NT kernel has 'filesystem filters' for this) and intercepts all reads and writes on the system.
alt Hacker News
Nope, AV hooks into the filesystem layer (the NT kernel has 'filesystem filters' for this) and intercepts all reads and writes on the system.