Disclosed are systems, methods and computer program products for protecting applications deployed on a host computer from malware using virtualization. An exemplary malware protection system may include a kernel-level driver configured to intercept system calls addressed to an object of a protected application. The system also includes an analysis engine configured to determine if there are security rules associated with one or more of the intercepted system call, the object of the protected application, and the actions allowed on the object of the protected application. The security rules indicate whether the system call is allowed or not allowed to be executed on the host computer. If there is no security rule associated with the system call, the system call is executed in a secure execution environment of the host computer using a virtual copy of the object of the protected application.