Nice find.
I'm not too surprised by this one though.
Just from the standpoint of Comodo using file paths instead of file hashes to add to the local white list, it meant that devs using this type of methodology were always going to be abused.
Umm no, CIS never used just the file paths; it has always been based on file hashes for the local file list.
As far as I can tell (might be wrong), as an initial fix all Comodo needs to do is make sure it always checks the cert for safe files OR creates a local store of file hashes for safe files, and checks with that each time an instance of an assumed safe file is launched.
CIS already does this for every file that is executed: it determines the file hash and checks for a digitally signed certificate, and then checks whether the vendor is a trusted vendor or not.
The vulnerability is in the way CIS checks the PE file that is attempting to access a COM interface provided by cmdagent, to see if it is digitally signed by either Comodo or Microsoft. CIS would do this check using the on-disk file path instead of parsing the PE file in memory to check for the digital signature.
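To make the on-disk-path vs. in-memory distinction from the post above concrete, here is an added simulation (not code from this thread or from Comodo). The trusted-vendor hash allowlist, the process model and the image bytes are constructed stand-ins for the real Authenticode check; the point is only that the two verification strategies can disagree.

```python
import hashlib
from dataclasses import dataclass
from typing import Optional


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed stand-in for a signed vendor binary. In the real product this
# would be an Authenticode signature check; here a hash allowlist plays that role.
GENUINE_IMAGE = b"MZ\x90\x00 constructed genuine vendor binary"
TRUSTED_IMAGE_HASHES = {sha256_hex(GENUINE_IMAGE): "TrustedVendor"}


@dataclass
class Process:
    image_path: str      # path the OS reports for the main module
    loaded_image: bytes  # bytes actually mapped into the process


def verify_by_path(proc: Process, disk: dict) -> Optional[str]:
    """Weak check: trusts whatever is on disk at the reported path."""
    on_disk = disk.get(proc.image_path)
    if on_disk is None:
        return None
    return TRUSTED_IMAGE_HASHES.get(sha256_hex(on_disk))


def verify_by_loaded_image(proc: Process) -> Optional[str]:
    """Hardened check: verifies the bytes the caller is actually running."""
    return TRUSTED_IMAGE_HASHES.get(sha256_hex(proc.loaded_image))


def gate_com_access(proc: Process, disk: dict) -> dict:
    """Return both verdicts side by side so any divergence is visible."""
    return {"by_path": verify_by_path(proc, disk),
            "by_image": verify_by_loaded_image(proc)}


def demo() -> dict:
    path = r"C:\Vendor\tool.exe"          # constructed path
    disk = {path: GENUINE_IMAGE}          # constructed on-disk state
    consistent = Process(path, GENUINE_IMAGE)
    # Disk and memory disagree: the situation the post describes.
    mismatched = Process(path, b"MZ\x90\x00 constructed unsigned image")
    return {"consistent": gate_com_access(consistent, disk),
            "mismatched": gate_com_access(mismatched, disk)}


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(name, verdict)
```

Only the path-based verdict says "TrustedVendor" for the mismatched process; the in-memory check rejects it, which is the check a COM access gate should be making.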