Regarding the tangential subject of locking down IE...
I have IE blocked from the internet in Comodo Firewall...
Would you mind elaborating on your approach? For example, do you mean you have rules setup for iexplore.exe that allows access to Microsoft/Windows Update but nothing else?
It has been some time since I wrote Windows applications and worked with the web browser control. I can't remember for sure, but I want to say that program XYZ hosting a web browser control for purposes of using IE's engine to access/render things would appear to Comodo as XYZ accessing the net. Thus, for example, were a trusted application such as Avast to access/render ads or information that way, they'd get through.
One thing I do is maximize the restrictions on IE's Internet Zone and then use the Trusted Zone as a white-list for the absolute minimal number of sites (currently just Microsoft Update). IIRC, and based on a recent experience with an application that seemed to use the web browser control for stuff, the web browser control honors Internet Settings at least to some extent (can't remember the details of over-riding things when hosting it). I recall reading of a supposedly better approach which uses the Internet Options Content Advisor and a custom PICS rule. I'm not sure if these approaches are out-dated though. On some fronts I'm just not keeping up (sigh).
I don't want to jack the thread, but comments on this subject would be appreciated as both IE and by extension the Windows web browser control simply aren't secured to the extent that my (main) browser is and thus the former pose a potential risk.