After Mr. Egemen’s explanation about the attack on registry key “Image File Execution Option” (DoubleAgent attack) - I believe this registry key (and all the keys defined within HIPS configuration) is protected when HIPS is on, right? Because by default HIPS is turned off, so these registry keys aren’t protected?
Yes, those listed in protected registry keys are protected when HIPS is enabled. However, even if HIPS is disabled, the entire registry is protected when an application is run fully virtualized in the Comodo sandbox, which is enabled as the default and will sandbox files based on the rules and criteria listed in the auto-sandbox rules.
P.S. I have split and moved your post to the Defense+ section.
Thank you for the answer! I asked about this, since HIPS in CIS 10 seems to be a bit misbehaving sometimes (lockups), so I’m not enabling it on clients’ systems when I configure CIS10 on them.