I’ve noticed that if you run Task Manager or Process Explorer as SYSTEM (using PsExec or some other means), cmdagent.exe and cfp.exe aren’t protected from process terminations. In fact, processes running as SYSTEM can do anything. This could be exploited by opening another process running as SYSTEM and using SetThreadContext or a similar function to kill COMODO/do other stuff. This isn’t actually going to work because COMODO would alert the user before any of these things happen, but I’m just wondering: why give processes running as SYSTEM full access to everything? What if there’s a security hole in some service running as SYSTEM and malicious code gets executed? The code might terminate cmdagent.exe and cfp.exe and there would be no more protection.
wj32.