Maybe Comodo could do this on access scan of any system service and alert the user if it finds anything odd.
I think it could help improve CIS alerts for system and svchost especially.
For example, this alert: "svchost or system is a safe app; however, you are about to connect to another computer"
would be a great addition to the firewall, and maybe something similar for KillSwitch to see infected svchost processes.
I think that Comodo should have a plan for svchost processes in the firewall. Unfortunately, there is now no monitoring of svchost by the firewall. It is protected only by AV and D+. But if it is infected, it can easily pass the firewall without any monitoring by the firewall.
This company also makes: Security Task Manager and Network Security Task Manager… The idea behind those 2 products could also be a great addition.