I clicked Block on the alarms for the kernel driver and registry write, so CIS prevented the main threat: the kernel driver load!! It's very important to deny kernel drivers!!!
Afterwards, yes, CIS could easily prevent PH, which used 14 different methods (terminator tool) to terminate any process. CIS can block kernel drivers and can easily handle process termination.
The first things that I use against HIPS firewalls are some tools: Process Hacker (CIS passed), SpyShelter test (CIS passed all tests!!), Comodo Leak Test (340/340), and patched-tampered files (Comodo fails; it can't compare files by SHA or MD5 hash, but only by file name).