CIS does a great job protecting against zero day attackss. Check out this Comodo Tech Talk article about Comodo’s Kernel Mode Virtualization which states it protects against zero day attacks:
The link to this article was posted by Melih at August 22 2023.
If you know a malware capable of circumventing the sandbox or have a proof of concept of an attack vector that circumvents the sandbox Comodo is always interested.
Luckily CIS also has a recognizer in the behavior blocker which is capable of detecting malware like behavior and a dedicated recognizer to look for cryptolocker activity in particular
What you are trying to say is that you want to have guarantee that detection will pick up a failure of the sandbox. That is a problematic proposition given the limitations of detection based solutions.