@glnz
I doubt you are still waiting to proceed with your planned updates, but I have noticed that the havdetectiontool behaved in the same way for me, but only for the first reboot. On a subsequent reboot, the tool went back to reporting that HAV was NOT active on the computer as long as I (still) had the Avast HAV setting enabled. My tested system is Win7 64, avast 2015.10.2.2214. Unlike you, I had no intervening installation of virtual systems. I'm NOT running the avast NG option, only toggling the avast EHAV switch.
Since I have no immediate need for other virtual software, I will probably go back to enabling avast HAV for troubleshooting, but will wait for another release cycle for NG due to some of the other reported issues with disk utilization, bloated backups, etc.
If someone knows of a FAQ for the NG feature that has system requirements, impacts, tradeoffs, etc., I'd appreciate a link. The support FAQ only says it runs processes virtually and improves DeepScreen scanning. Does that mean some behavior analysis occurs that recognizes and interrupts the virtual evil doings before actual damage is done, or something less magical than that? There's just not much info I've run across about how NG is supposed to work, even at a relatively high level.