@tony@wdormann It's not exactly an "AV kill switch". It's a way for a newly installed AV product to inform the OS that a new AV product is being installed and which one. It is the OS that (rightfully) decides to disable Defender in such cases.
Yes, there are probably better ways of doing this. But don't forget that this scheme was concocted 3 decades ago, when code signing was a rarely used novelty and Windows Update didn't exist.