See the article at:
The article lists 2.4.18.184 in the table but says it was an older version (as noted in their advisory) that was vulnerable. The article said, "There were only two personal firewalls that passed our argument validation testing successfully, Comodo Personal Firewall and Sunbelt Personal Firewall." Did version 3 also include or carry forward the corrections for these vulnerabilities?
I’m currently looking at the free version of Online Armor which lists even more vulnerable hooked SSDT functions; however, they list version 2.0.1.215, note the vendor made the fixes, and the version today is 2.1.0.31.
The unhook testing (to see how well malware could unhook the hooked firewalls and HIPS tools) at http://membres.lycos.fr/nicmtests/Unhookers/unhooking_tests.htm (table at http://membres.lycos.fr/nicmtests/Unhookers/unhooking_tests.htm) had Online Armor come out better than my current pick of System Safety Monitor, and Comodo wasn’t included because apparently the HIPS in v2 wasn’t considered a contender so I don’t know how CFP3 would fare in the unhooker test.
These HIPS tools hook into ring 0 so they can monitor the system but now malware is trying to unhook them to nullify their monitoring. After getting unhooked, the HIPS is useless as the malware does whatever it wants. If I read the article correctly, Comodo 2.4 fared well (if the vulnerabilities got fixed).
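To make the two test categories mentioned in this post concrete (argument validation of hooked SSDT functions, and detecting that a hook has been removed), here is an added C example that is not from the post, the article, or any of the vendors named. It simulates a one-entry service table in user space: `validate_user_buffer` is modelled on the kind of pointer check a kernel hook must perform before touching a user-supplied buffer (the `USER_PROBE_ADDRESS` constant, the `hook_status` codes, and all function names are constructed for this demo, not real kernel APIs), and `hook_intact` is the self-check a HIPS can run to notice that its table entry no longer points at its hook.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed user/kernel boundary for a 32-bit address space (constructed for the
 * demo; it plays the role the kernel's user probe address plays in a real hook). */
#define USER_PROBE_ADDRESS 0x7FFF0000u

/* Status codes constructed for this example (not real NTSTATUS values). */
enum hook_status { HOOK_OK = 0, HOOK_BAD_POINTER = -1 };

/* A "system service" takes a user buffer address and a length. */
typedef int (*syscall_fn)(uint32_t buf, uint32_t len);

/* Original service: the real kernel implementation would live here.
 * It reports success so the hook's own decisions stay visible. */
static int original_nt_write(uint32_t buf, uint32_t len) {
    (void)buf; (void)len;
    return HOOK_OK;
}

/* Simulated one-entry service table standing in for the SSDT. */
#define SYSCALL_WRITE 0
static syscall_fn service_table[1] = { original_nt_write };
static syscall_fn original_write = original_nt_write;

/* The argument-validation step a hook must do before using or forwarding a
 * user-controlled pointer: non-null, aligned, no arithmetic wrap, and the whole
 * range below the user/kernel boundary. Failing any of these is exactly what
 * the article's "argument validation" tests exercised. */
int validate_user_buffer(uint32_t addr, uint32_t len, uint32_t align) {
    if (len == 0) return HOOK_OK;                       /* nothing to touch */
    if (addr == 0) return HOOK_BAD_POINTER;             /* null pointer */
    if (align && (addr % align) != 0) return HOOK_BAD_POINTER;
    if (addr > UINT32_MAX - len) return HOOK_BAD_POINTER;        /* wraps */
    if (addr + len > USER_PROBE_ADDRESS) return HOOK_BAD_POINTER; /* kernel */
    return HOOK_OK;
}

/* The hook: validate, then forward to the saved original entry. */
static int hooked_nt_write(uint32_t buf, uint32_t len) {
    int st = validate_user_buffer(buf, len, 1);
    if (st != HOOK_OK) return st;
    return original_write(buf, len);
}

/* Install: remember the original entry and point the table at the hook. */
void install_hook(void) {
    original_write = service_table[SYSCALL_WRITE];
    service_table[SYSCALL_WRITE] = hooked_nt_write;
}

/* What the HIPS itself does on clean unload. In the test it also stands in for
 * the table being restored behind the HIPS's back, which hook_intact() detects. */
void restore_original_entry(void) {
    service_table[SYSCALL_WRITE] = original_write;
}

/* Periodic integrity check: 1 while our hook is still in the table, 0 once it
 * has been replaced. A HIPS that stops checking this is blind after unhooking. */
int hook_intact(void) {
    return service_table[SYSCALL_WRITE] == hooked_nt_write;
}

/* Dispatch through the table the way the service dispatcher would. */
int dispatch_write(uint32_t buf, uint32_t len) {
    return service_table[SYSCALL_WRITE](buf, len);
}

int main(void) {
    install_hook();
    printf("in-range buffer:   %d\n", dispatch_write(0x00400000u, 16));
    printf("kernel address:    %d\n", dispatch_write(0x80000000u, 4));
    printf("wrapping length:   %d\n", dispatch_write(0xFFFFFFF0u, 0x20));
    printf("hook intact:       %d\n", hook_intact());
    restore_original_entry();
    printf("hook intact after: %d\n", hook_intact());
    return 0;
}
```

The checks in `validate_user_buffer` are the defensive half of the story: a hook that skips them can be crashed or confused from user mode by the very programs it is supposed to police. `hook_intact` is the other half: the unhooking tests in the post succeed silently against a HIPS that never re-verifies its own table entries.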