A method and system comprising a processor executing code instructions of a security filewall validation system for inspecting primitive file system operations to detect abnormal file types, abnormal file operation, or abnormal intended result files in violation of a security filewall rule set, a memory for storing the security filewall rule set describing permitted access to file types, file-paths, mounting points, data volume access rules, or data operations relating to the primitive file system operations where the security filewall validation system intercepts an attempted primitive file system operation and the security filewall validation system compares the attempted primitive file system operation including associated arguments indicating file, file location, and intended result to the security filewall rule set. The processor logs a detected filewall rule violation event when a filewall rule is violated by the attempted primitive file system operation or its associated arguments defining the primitive file system operation.