Hi,
If I were you I really wouldn't worry about the first one especially, almost all software which utilizes device drivers these days will register and start it via usage of a Windows Service the normal way; this would be done via using the service manager - more advanced rootkits may attempt to perform a registry modification and then call NtLoadDriver, or just use NtSetSystemInformation, however it'd be rare to see this these days since advanced rootkits which really utilize those methods aren't in the wild as much as they used to be about 5 years ago. I've never even found a sample which does this sort of stuff, I've only learnt about it from personal tests with my own code.
Regarding the #8 for the System32 file drop, this is a protected directory by default and this means that any programs which are not running with administrative privileges will simply fail the operation of dropping to this folder - therefore, as long as you continue to apply basic and safe security practices (e.g. keeping User Account Control enabled and using it as it's intended to be used) then you'll be fine. As an example, make sure you only allow programs to run with administrative privileges if you are certain that they are safe and trusted; do the research prior to downloading it in the first place, actually.
The SetWinEventHook and SetWindowsHookEx ones are a bit tricky because you'd need to hook those functions to block them dynamically, or modify win32k.sys device driver (critical to the Windows OS - contains the GDI functions such as those ones) to patch up the exported functions to block it from affecting specific programs. A function like SetWindowsHookExA/W can definitely be abused (e.g. for injection attacks), however its used for logging the typed keystrokes on the system, more often than not. You'll need a HIPS product which supports blocking the usage of these 2 functions properly, or at least monitor it's usage, however you should know that normal Win32 programs will call this function because for features like the auto-minimize on the window drag (e.g. by default depending on configuration on the Windows OS, if you start moving the window of a program around quickly, all the others will be minimized) it uses this function to operate this functionality.
15. Injection: KnownDlls
28. Hijacking: Userinit
These are both two valid ones to consider but still rarely abused... SetWindowsHookEx has more chance of being abused than either of these two functions - not many people use them anymore. In fact, the most commonly seen injection method would be via getting the address of LoadLibraryA, allocating memory into a target process (via VirtualAllocEx), writing to the process' memory (via WriteProcessMemory) and then creating a thread into the target process remotely, causing it to call LoadLibraryA while passing in the parameter to the path of the DLL to inject (via CreateRemoteThread).
31. Hijacking: StartupPrograms
I would have assumed this would have already been covered?
-----------------
Are you sure that the Comodo HIPS is enabled? I do not use Comodo myself and thus do not know what the HIPS module supports however I am a guessing that their HIPS will cover a lot, if not all of the things on the Comodo Leak Test application...
Comodo Leak Test is old anyway, and a majority of the things on it are not really used anymore since malware is always evolving and adapting in the wild.
Hope this helped?
Stay safe,
Wave.
