"Rustock Trojan A Model For Future Threats"

An interesting article about a state of the art rootkit. Relevant for CPF is “Rustock also alters the function of several Windows system components to bypass firewalls.” Can CPF detect this? Especially if CPF is installed on a system where the rootkit has already established itself?