Windows Defender had exactly the same design, with a similar bug [1]
>The Google researchers found that MsMpEngine contains a component called NScript that analyses any filesystem or network activity that looks like JavaScript. NScript isn't sandboxed and runs at a very high privilege level, and it's used to evaluate untrusted code by default on almost every modern Windows system
Symantec broke Chrome on multiple machines for me.