64 bit does not block Windows messages, direct keyboard access or user logoff

I would imagine the developers are already aware of this issue. I am also aware that it might be impossible to implement this functionality in a meaningful way in x64 versions of windows due to Patchguard. However, I believe that Comodo should not include options in CIS x64 which suggest that CIS x64 can police Windows messages or direct keyboard access. This seems to be offering a false sense of security to x64 users, as under process access rights in computer security policy there are options to ask, allow or block Windows Messages and Keyboard access which can be easily bypassed. This issue should either be fixed or the ineffectual protection removed from CIS x64. At the very least, some sort of easily visible warning should be placed in the CIS x64 version reminding users that these methods of protection are not foolproof. Perhaps a seperate section under process access rights for Partial Protection, under which can be placed Windows Messages and Keyboard?

I tested this on a clean install of Windows 7 x64 (no other security software running) with Matuosec’s ssts, run in windows xp sp3 compatibility mode. Windows messages and direct keyboard access are clearly not monitored. For example, even cfp.exe can be terminated with a windows message (any of the kill3 tests from the ssts does this). User logoff can be initiated by a program without any alet.

Thanks in advance for your consideration of this issue.

Could you upload or copy and paste your ssts.conf file? And you do not need to use compatibility mode, as these test are designed for windows 7, so could you try again without compatibility mode enabled and see what the results are? Also a word of warning, I know that when I did these new tests on a XP 32-bit machine awhile ago, the file operation tests the ones that start with file, e.g. filewri1,filedel1,filemov1, etc. at one point caused me to re-install windows because I couldn’t bootup anymore.