Selective import/export address table filtering
Abstract:
Examples of the present disclosure describe systems and methods for selective export address table filtering. In aspects, when an executable program is loaded in an operating system's execution environment, an address table filtering (ATF) module is loaded into the address space of a target process associated with the executable program. The ATF module may iterate a list of system library files to identify exported function names. The relative virtual address (RVA) of the exported function names may be modified to point to a protected memory location. An exception handler may be registered to process exceptions relating to access violations of the protected memory location. If the exception handler determines that an access violation caused the detected exception, the instruction pointer of the exception may be compared to the expected system library address boundaries. If the instruction pointer address is outside the boundaries, remedial action may occur.
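The filtering step and the exception handler's decision described in the abstract can be modelled in portable C; this is an added example, not code from the patent. The struct layouts, the function names (atf_filter_exports, atf_on_exception), the watch list used to select exports, and all addresses are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed model of the abstract's steps; these are not real PE structures. */
typedef struct { const char *name; uint64_t base; uint32_t size; } module_t;
typedef struct { const char *name; uint32_t name_rva, saved_rva; int filtered; } export_t;
enum verdict { NOT_OURS, ALLOW, REMEDIATE };

#define EXC_ACCESS_VIOLATION 0xC0000005u /* Windows STATUS_ACCESS_VIOLATION */
#define GUARD_SIZE 0x1000u
static const uint64_t guard_page = 0x7FF800200000ull; /* constructed no-access page */
static const module_t system_libs[] = {               /* constructed load addresses */
    { "kernel32.dll", 0x7FF800000000ull, 0x000B0000u },
    { "ntdll.dll",    0x7FF810000000ull, 0x001F0000u },
};

static int in_range(uint64_t a, uint64_t base, uint64_t size) {
    return a >= base && a - base < size;
}

/* Point the name RVA of each watched export at the protected page.
   Selecting exports by a watch list is an assumption of this example. */
size_t atf_filter_exports(const module_t *m, export_t *tab, size_t n,
                          const char *const *watch, size_t nwatch) {
    size_t patched = 0;
    for (size_t i = 0; i < n; i++)
        for (size_t w = 0; w < nwatch && !tab[i].filtered; w++)
            if (strcmp(tab[i].name, watch[w]) == 0) {
                tab[i].saved_rva = tab[i].name_rva; /* original value kept (assumption) */
                tab[i].name_rva = (uint32_t)(guard_page - m->base);
                tab[i].filtered = 1;                /* a second pass patches nothing */
                patched++;
            }
    return patched;
}

/* Handler decision: only access violations on the protected page are ours;
   the faulting instruction pointer must lie inside a system library. */
enum verdict atf_on_exception(uint32_t code, uint64_t fault_addr, uint64_t ip) {
    if (code != EXC_ACCESS_VIOLATION || !in_range(fault_addr, guard_page, GUARD_SIZE))
        return NOT_OURS;
    for (size_t i = 0; i < sizeof system_libs / sizeof system_libs[0]; i++)
        if (in_range(ip, system_libs[i].base, system_libs[i].size))
            return ALLOW;
    return REMEDIATE;
}

/* Constructed fault: the protected page is read from outside both libraries. */
int main(void) { return atf_on_exception(EXC_ACCESS_VIOLATION, guard_page, 0x1A2B3C40000ull) == REMEDIATE ? 0 : 1; }
```

The NOT_OURS verdict covers exceptions the handler should pass on unchanged, such as access violations at unrelated addresses.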