Users or malware can kill VK, leaving VK'd processes revealed [M186]

  1. I enabled the password protection for Virtual Kiosk.

  2. In VK, I terminated the virtkiosk.exe by the task manager.

  3. I clicked on the X button on the window.

  4. I successfully switched to the window without typing the password. >:-D

  5. This can be done by malware.

Try the test2 in VK ! :wink:
https://forums.comodo.com/leak-testingattacksvulnerability-research/registry-test-from-ghost-security-t38635.0.html

Taskmgr is a trusted process, can you please retest with an ‘untrusted’ task manager?

You can try the test2 in VK ! (The program is unknown by CIS)

https://forums.comodo.com/leak-testingattacksvulnerability-research/registry-test-from-ghost-security-t38635.0.html

The result is the same.


Conclusion:
The virtkiosk.exe can be controlled by any VKed process.

Then I’ll move this post to bug reports.

  1. Enable the HIPS and safe mode

  2. Add the following one to the group, “CIS”

C:\Program Files\COMODO\COMODO Internet Security\virtkiosk.exe

  3. Then, the VK will not be terminated.
2012-12-23 20:25:12 C:\WINDOWS\system32\taskmgr.exe Access Memory C:\Program Files\COMODO\COMODO Internet Security\virtkiosk.exe

Good one! ;D :-TU

But the virtkiosk.exe is still killed by the test2.

https://forums.comodo.com/leak-testingattacksvulnerability-research/registry-test-from-ghost-security-t38635.0.html

They should harden the Kiosk against kill attacks from ‘inside’ with internal measures that do not depend on users’ HIPS settings.

This problem, dependency on HIPS, is a known bug #141 on the mods tracking system

a256886572008

I would be very grateful if you could please post a bug report in standard format, as this is an important security issue.

Best wishes

Mouse

PM sent

A. The bug/issue

  1. What you did:

(1) I enabled the password protection for Virtual Kiosk.

(2) In VK, I terminated the virtkiosk.exe by the task manager.

(3) I clicked on the X button on the window.

  2. What actually happened or you actually saw:

I successfully switched to the window without typing the password. >:-D

  3. What you expected to happen or see:
    The virtkiosk.exe should not be controlled by any VKed (or virtualized) process.

  4. How you tried to fix it & what happened:

(1) Enable the HIPS and safe mode

(2) Add the following one to the group, “CIS”

C:\Program Files\COMODO\COMODO Internet Security\virtkiosk.exe

(3) Then, the VK will not be terminated by the task manager.

2012-12-23 20:25:12 C:\WINDOWS\system32\taskmgr.exe Access Memory C:\Program Files\COMODO\COMODO Internet Security\virtkiosk.exe

(4) But the virtkiosk.exe is still killed by the test2.

https://forums.comodo.com/leak-testingattacksvulnerability-research/registry-test-from-ghost-security-t38635.0.html

  5. If it's a software compatibility problem have you tried the compatibility fixes (link in format)?:
    none

  6. Details & exact version of any software (except CIS) involved (with download link unless malware):
    none

  7. Whether you can make the problem happen again, and if so exact steps to make it happen:
    It always happens.

  8. Any other information (eg your guess regarding the cause, with reasons):
    The virtkiosk.exe is not protected by VK.
    Any virtualized process can easily control it.

B. Files appended. (Please zip unless screenshots).
  0. A diagnostics report file (Click ‘?’ in top right of main GUI. Required for all issues):
    attached

  1. Screenshots of the 6.0 Killswitch Process Tab (see Advanced tasks ~ Watch Activity) or 5.x Active process list. If accessible, required for all issues:
    The virtkiosk.exe was terminated.

  2. Screenshots illustrating the bug:
    none

  3. Screenshots of related CIS event logs:
    none

  4. A CIS config report or file.
    none

  5. Crash or freeze dump file:
    none

  6. Screenshot of More~About page. Can be used instead of typed product and AV database version.
    none

C. Your set-up

  1. CIS version, AV database version & configuration used:
    comodo firewall v 6.0.260739.2674
    The configuration is Comodo Internet Security.

  2. a) Have you updated (without uninstall) from a previous version of CIS: no
    b) if so, have you tried a clean reinstall (without losing settings - if not please do)?: yes

  3. a) Have you imported a config from a previous version of CIS: no
    b) if so, have you tried a standard config (without losing settings - if not please do)?:

  4. Have you made any other major changes to the default config? (eg ticked ‘block all unknown requests’, other egs here.): disable the file rating

  5. Defense+/HIPS, Autosandbox/BBlocker, Firewall & AV security levels: D+/HIPS=disabled , ASB/BB=partially limited , Firewall = safe mode, AV = not installed

  6. OS version, service pack, number of bits, UAC setting, & account type:
    Windows XP Pro SP3 32bit

  7. Other security and utility software currently installed:
    none

  8. Other security software previously installed at any time since Windows was last installed:
    avast free antivirus, bitdefender free antivirus, virtualbox,…,etc

  9. Virtual machine used (Please do NOT use Virtual box):
    no


https://forums.comodo.com/bug-reports-cis/the-virtkioskexe-is-not-protected-by-vk-v6-t89650.0.html

I add that exclusion of various items in the folder C:\Program Files\COMODO\COMODO Internet Security is still possible, with all protection modules active.

Hi R

Thanks for doing this bug report

Having a bit of difficulty fully understanding this one, though I’m sure you are right.

Am I correct that the issue is as follows:

  1. If you password protect VK, it means you want to hide what you are doing in it
  2. But users or malware can kill VK, and this leaves the processes 'orphaned', and running under explorer, ie accessible from the standard user desktop
  3. These orphaned windows will reveal what you have been doing in virtkiosk

In addition it’s generally undesirable that security processes can be killed by malware, but in this case killing virtkiosk just leaves the malware process running virtualised.

So the system is protected as before, though privacy is not.

Is that correct?

If so I will update your bug report accordingly before forwarding it if that’s OK

Mouse

Thank you very much for your report in standard format, with all information supplied. The care you have taken is much appreciated by Comodo, and will increase the likelihood that this bug can be fixed.

Developers may or may not communicate with you in the forum or by PM/IM, depending on time availability and need. Because you have supplied complete information they may be able to replicate and fix the bug without doing so.

Many thanks again

Mouse

Can you please check and see if this is fixed with the newest version? Please let us know whether it is fixed or you are still experiencing the problem.

Thank you.

PM sent.

Can you please check and see if this is fixed with the newest version (6.2.282872.2847)? Please let us know whether it is fixed or you are still experiencing the problem.

Thank you.

PM sent.

The issue occurred for CIS v6.2 build 2847.

Wish:
Restart VK after the main processes are terminated.

Thank you for checking this.

I have also received feedback from Comodo that they have confirmed this bug. However, they have marked it as Confirmed and Deferred. This means that they will eventually fix this, but at the moment there are many other bugs which must first be addressed.

I hope you understand and can coexist with this bug until they are able to fix it.

Thank you.