An approach you may consider taking is one similar to that used by Dynamic Security Agent.It uses behavioural monitoring based on normal resource usage of applications which are averaged over the learning period.It then looks for unusual deviations from the norm,unusually high cpu usage etc.
I should explain,I’m meaning that in conjunction with the whitelist of approved applications.
HIPS programs aren’t simply for computer geeks! I am proof.
I don’t know a lot about computers. Because I don’t, I try to put the best security software on my computer and get good, sound advice from people that know more than me.
And let me tell you, HIPS doesn’t have to be HARD. I am presently using a program called On-line Armor (by Tall Emu). This program is SO easy to use. It doesn’t alert me with a ton of pop ups. It just does it’s job quietly in the background.
On-line Armor is an ideal HIPS program in my opinion, designed for the computer novice like me im mind. If Comodo were to develop a HIPS program, I hope they would follow the same philosophy that Tall Emu did.
By the way, I mentioend that I try to use “best in class” products. Right now I use:
NOD32
On-line Armor
Comodo Firewall
Hey Mr. Bips,
This is EXACTLY why CPF is alerting you.
When an executable is run within a sandbox environment, its internal signature appears differently to the fireall. CPF is one of the few firewalls that is smart enough to spot that something has changed in an executable that you had previously OK’d.
As a consequence, it prompts you to alert you to the fact that IE has changed in some way. You’ll find that any app you configure to run inside a sandbox-type environment will result in alerts from the smarter firewalls.
Hope this helps,
Ewen 
You gotta just love how smart CPF is! (R)