Author Topic: "Unauthorized [Avast] changes blocked...from making changes to memory"??  (Read 2086 times)

Offline echinchon2001

  • Newbie
  • *
  • Posts: 4
Frequently at start-up, I will receive sidebar notifications from Windows Security, and I am looking for a remedy, please.
"Unauthorized changes blocked. Controlled folder access blocked [one, all, or more of exe-files below] from making changes to memory"
  • C:\Program...\instup.exe
  • C:\Prog...\aswidagent.exe
  • C:\Prog...\AvastSvc.exe
  • C:\Prog...\AvEmUpdate.exe


Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11849
    • AVAST Software
Can you please post a screenshot?
Thanks.

Offline echinchon2001

I will the next time that it occurs. It does not happen at every start-up, but only with apparent updates.
The frequency can be on average once per week, and today I cleared all the notifications after writing down the blocked exe-files.
« Last Edit: April 28, 2021, 08:24:33 PM by echinchon2001 »

Offline echinchon2001

Attached are two screencaps: 1) the Notification, 2) view after clicking on Notification.

Offline igor

Can you please open Event Viewer, go to Application and Services Logs (it may take a while to open), navigate to Microsoft\Windows\Windows Defender\Operational and look for the associated warnings (and post an example here)?
The warnings are related to Defender's anti-ransomware feature - but we're not sure what "making changes to memory" actually means, or why it doesn't consider antimalware processes safe.

Offline echinchon2001

Two 'blocks', today.
Friendly Views pasted, below. (Or is XML preferred? or simply screencaps?)

- System

  - Provider

   [ Name]  Microsoft-Windows-Windows Defender
   [ Guid]  {11cd958a-c507-4ef3-b3f2-5fd9dfbd2c78}
 
   EventID 1127
 
   Version 0
 
   Level 3
 
   Task 0
 
   Opcode 0
 
   Keywords 0x8000000000000000
 
  - TimeCreated

   [ SystemTime]  2021-04-30T15:43:38.8617297Z
 
   EventRecordID 3879
 
   Correlation
 
  - Execution

   [ ProcessID]  1680
   [ ThreadID]  11536
 
   Channel Microsoft-Windows-Windows Defender/Operational
 
   Computer XXXXXX
 
  - Security

   [ UserID]  XXXXXX
 

- EventData

  Product Name Microsoft Defender Antivirus
  Product Version 4.18.2102.3
  Unused 
  ID 
  Detection Time 2021-04-30T15:43:38.856Z
  User NT AUTHORITY\SYSTEM
  Path \Device\Harddisk0\DR0
  Process Name C:\Program Files\Avast Software\Avast\aswToolsSvc.exe
  Security intelligence Version 1.331.2590.0
  Engine Version 1.1.17900.7
--------------------------------------------------------------------------------------------

- System

  - Provider

   [ Name]  Microsoft-Windows-Windows Defender
   [ Guid]  {11cd958a-c507-4ef3-b3f2-5fd9dfbd2c78}
 
   EventID 1127
 
   Version 0
 
   Level 3
 
   Task 0
 
   Opcode 0
 
   Keywords 0x8000000000000000
 
  - TimeCreated

   [ SystemTime]  2021-04-30T15:43:06.6259805Z
 
   EventRecordID 3876
 
   Correlation
 
  - Execution

   [ ProcessID]  1680
   [ ThreadID]  8688
 
   Channel Microsoft-Windows-Windows Defender/Operational
 
   Computer XXXXXX
 
  - Security

   [ UserID]  XXXXXX
 

- EventData

  Product Name Microsoft Defender Antivirus
  Product Version 4.18.2102.3
  Unused 
  ID 
  Detection Time 2021-04-30T15:43:06.475Z
  User NT AUTHORITY\SYSTEM
  Path \Device\Harddisk0\DR0
  Process Name C:\Program Files\Avast Software\Avast\aswidsagent.exe
  Security intelligence Version 1.331.2590.0
  Engine Version 1.1.17900.7
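
The Event Viewer lookup requested earlier in the thread can also be done from PowerShell. The script below is an added example, not code from the thread or from Avast: it pulls the event ID 1127 warnings from the same channel, groups them by blocked process and target path, and reports each executable's Authenticode signature so the blocked binaries can be confirmed as genuine before anyone considers an exception. The field names are those shown in the Friendly View above; the output column names are illustrative.

```powershell
# Added example: summarize Defender event 1127 blocks by process and target.
# Channel and event ID are taken from the events pasted in this thread.
$log = 'Microsoft-Windows-Windows Defender/Operational'
$events = Get-WinEvent -FilterHashtable @{ LogName = $log; Id = 1127 } `
                       -ErrorAction SilentlyContinue

$rows = foreach ($e in $events) {
    # EventData is a flat list of <Data Name="...">value</Data> elements;
    # collect them into a hashtable keyed by the Name attribute.
    $fields = @{}
    foreach ($d in ([xml]$e.ToXml()).Event.EventData.Data) {
        $fields[$d.GetAttribute('Name')] = $d.InnerText
    }
    [pscustomobject]@{
        TimeCreated = $e.TimeCreated
        Process     = $fields['Process Name']
        Target      = $fields['Path']
        User        = $fields['User']
    }
}

# One line per (process, target) pair, with the signer of the blocked binary.
$summary = $rows | Group-Object Process, Target | ForEach-Object {
    $exe = $_.Group[0].Process
    $sig = $null
    if ($exe -and (Test-Path -LiteralPath $exe)) {
        $sig = Get-AuthenticodeSignature -LiteralPath $exe
    }
    [pscustomobject]@{
        Count     = $_.Count
        Process   = $exe
        Target    = $_.Group[0].Target
        FirstSeen = ($_.Group.TimeCreated | Measure-Object -Minimum).Minimum
        LastSeen  = ($_.Group.TimeCreated | Measure-Object -Maximum).Maximum
        SigStatus = if ($sig) { $sig.Status } else { 'FileNotFound' }
        Signer    = if ($sig -and $sig.SignerCertificate) {
                        $sig.SignerCertificate.Subject
                    } else { $null }
    }
}

$summary | Sort-Object Count -Descending | Format-List
```

A `SigStatus` other than `Valid`, or a `Signer` that is not the expected vendor, means the blocked file should be investigated rather than trusted.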