add additional protection for CIS settings

Please add a feature that denies access to any program other than CIS, which tries to alter the settings.
At the moment, a program running in installation mode has access to the complete registry - also to the entries of CIS, so it can render the configuration completely useless (intended or unintended doesn’t matter).
Also think of “Registry Cleaners” - sure, it’s a registry cleaner, so it needs full access to the registry to do it’s job - but as you all know, registry cleaners sometimes also kill useful entries.
If a user chooses to disable Defence+, the configuration of CIS will also be completely unprotected!
Or am I wrong and this can’t happen by any protection already built into CIS???
If not, an additional layer is useful in my point of view to separate and protect the CIS settings from other applications. No other application should be allowed to write to the CIS settings, even if it’s allowed to modify my other protected registry keys!

Hello, CIS is protected by defense+ in both file and registry entries.

Not, if an application is executed as “Windows system application” (ok, I modified the rules and added the comodo registry keys to the blocked section) or as “Installer/Updater” (no way to manually edit the rules for this predefined application setting)