If I can elaborate for a bit:
1). Comodo Containment is superb. Set it up in a cruel fashion and have no malware worries. This can be done in about 30 seconds and one will be covered. On the other hand, relying on HIPS alone and reacting to specific malware strains is complicated and time consuming and may not be adequate for malware that work in ways that the user may be unaware of.
2). HIPS- malware act in various ways, as do ransomware. Accessing windows API's or valid windows files in mischievous ways (LoLBin) often will be ignored by the HIPS routine. It is also important to note that at a HIPS popup you will be presented with 3 choices: Allow, Block, and Block and Terminate. if Block and Terminate is chosen all will be well. However for some malware Allow and Block are essentially equivalent in stopping (or more properly, not stopping) some malware.
A case in point (and the easiest to test) can be seen with Xdata ransomware (MD5: a0a7022caa8bd8761d6722fe3172c0af which can be found at the usual sources like AnyRun). Only a single warning popup will be seen even paranoid mode and choosing either Allow or Block will result in the encryption process to proceed (actually the initial alert will be for the Photo directory).
The point here is that if you like popups and are confident that you understand them all, fine. But Never Ever (never, ever) disable Containment, and be prepared to ALWAYS choose "Block and terminate" if relying on HIPS alone.