Sygate and Kerio have window program alerts AFAIK
They do, but either have not been targeted yet or there is something in the way they were coded as to not allow a hijack attempt. The exact method of hijacking is of course just speculation, as the programming of the spyware certainly isn't willing to talk.

edit In your post above mine you said "comments" and I wonder if you meant commits? kerio doesn't do HTML comments because it does not filter html. but it does have the ability to commit files to the allow list, if that is what you meant?