good question. i would like to know aswell
Have you read the whole thread?
I have. I can understand once the software has kernel-level rights it can do whatever it’s made to do.
PH cant terminate any process !! if with the CIS help alarms u wont allow any driver or any privilege :-TU
here are 5 pics step by step how CIS prevented PH to terminate the poor firefox 
i used the terminator tool.
ps.D+ paranoid and no white list cloud and sandbox off
ps 1: note pls to any block must check “remember my answer”
ps2: i used the latest process hacker 64 bit (win 7 64 bit) and CIS 5.10 64 bit
and voila! the firefox survived from the multiple terminator methods
[attachment deleted by admin]
so are you saying it prevented termination after ph was installed even though ph is installed in the kernel and can do whatever it wants? if so could it prevent cis from being terminated
i clicked block to alarm for kernel driver and registry write, so CIS prevented the main threat: the kernel driver load !! its very important to deny kerner drivers !!!
after CIS yes could easy to prevent PH which used 14 different methods(terminator tool) to terminate any process. CIS can block kernel drivers and can easy handle processes termination
the first things that i use agaisnt a hips firewalls are some tools:process hacker(CIS passed),spyshelter test(CIS passed all tests !!),comodo leak test(340/340),and patched-tampered files(comodo fails,cant compare files from hash SHA or MD5 but only from file name)