A computerized method is provided for protecting processes operating within a computing device. The method comprises an operation for identifying, by a virtualization layer operating in a host mode, when a guest process switch has occurred. The guest process switch corresponds to a change as to an operating state of a process within a virtual machine. Responsive to an identified guest process switch, an operation is conducted to determine, by the virtualization layer, whether hardware circuitry within the computing device is to access a different nested page table for use in memory address translations. The different nested page table alters page permissions for one or more memory pages associated with at least the process that are executable in the virtual machine.