One Day Sec

Does the Logon Scripts technique allow execution before antivirus software starts?

Yes, the article demonstrates that Logon Scripts execute before certain antivirus software like 360, allowing malicious scripts to perform restricted operations (e.g., creating environment variables via WMI) without being blocked. This was tested by writing a value to the registry within the logon script and confirming it succeeded. For details, check the Logon Scripts persistence article.
Tags: Logon Scripts, antivirus bypass, execution order, 360
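
Because the script runs before the antivirus product is active, defenders are better served by auditing the registration point than by relying on run-time blocking. The PowerShell below is an added example, not code from the article. It assumes the logon script is registered through the `UserInitMprLogonScript` value under each user's `Environment` key, a location the answer does not name.

```powershell
# Added example: audit loaded user hives for a logon-script persistence value.
# Assumption: the value is UserInitMprLogonScript under <user hive>\Environment.
# Run from an elevated session so other users' hives are readable.
$valueName = 'UserInitMprLogonScript'

$findings = foreach ($hive in Get-ChildItem -Path 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue) {
    # The *_Classes hives hold COM/file-association data and no Environment key.
    if ($hive.PSChildName -like '*_Classes') { continue }

    $envKey = "Registry::HKEY_USERS\$($hive.PSChildName)\Environment"
    if (-not (Test-Path -Path $envKey)) { continue }

    $raw = (Get-ItemProperty -Path $envKey -Name $valueName -ErrorAction SilentlyContinue).$valueName
    if ([string]::IsNullOrWhiteSpace($raw)) { continue }

    # Expansion uses this process's environment, not the target user's, so
    # per-user variables such as %APPDATA% may resolve to the auditor's profile.
    $expanded = [Environment]::ExpandEnvironmentVariables($raw)

    # Take the quoted path if there is one, otherwise the first token.
    # An unquoted path containing spaces will be truncated; review Value by hand.
    $target = if ($expanded -match '^\s*"([^"]+)"') { $Matches[1] }
              else { ($expanded.Trim() -split '\s+')[0] }

    $exists = Test-Path -LiteralPath $target -PathType Leaf

    [pscustomobject]@{
        Sid       = $hive.PSChildName
        Value     = $raw
        Target    = $target
        Exists    = $exists
        Signature = if ($exists) { (Get-AuthenticodeSignature -LiteralPath $target).Status } else { $null }
        SHA256    = if ($exists) { (Get-FileHash -LiteralPath $target -Algorithm SHA256).Hash } else { $null }
    }
}

if ($findings) {
    $findings | Format-List
} else {
    Write-Output "No $valueName value found in any loaded user hive."
}
```

Only hives currently loaded under `HKEY_USERS` are inspected; profiles of users who are not logged on have to be checked from their `NTUSER.DAT` files.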
