I have done some testing with Poweliks malware. Details are here( see post no. 8)
This malware bypasses Defence plus in safe mode because of obvious reasons.
I will suggest to comodo developers that even in safe mode one should get an alert when your browser wants to run any safe application. It might stop this and some other malware infections. I am sure the developers will understand it. Allowing a browser to launch any safe application without a pop up is not safe as browser is the target of so many exploits. It will increase the security without giving rise to many pop ups as browsers normally don,t launch so many executables by themself.
Infact I think this rule should be applied to all safe applications that are prone to exploits like java.exe, flash executables, pdf readers, office docs etc.
Or at least it can be made an option in safe mode config. I know one can intercept this malware by paranoid mode but in my opinion paranoid mode is not practical for many people. I am very happy with the safe mode but bypasses like this bug me a lot.