ADDED::
You'd think that CIS would be able to protect itself even from "Trusted" Processes.. Guess not 
I'm not sure to understand all you said (as you may already see, I'm French and my English is still not perfect xD)
But if you said that Comodo can't protect itself from safe applications, I say yes. I said it long time ago in French corner, I try it last week end. We just have to know what application we will use. I think there is lot of way to do this, we just have to find a method to stay in the safe application.
Just try, on vista or seven only (I don't know why it don't work on XP, I didn't look at this), if you execute (with admin rights) java -jar kill_cis.jar it'll work. If you try kill_cis.jar, Comodo will sandbox it.
Just imagine how many possibilities we have just with that method. And for Online Armor, it's the same issue, but they think at it a little, so some of them can't be used.