Protection against a malicious set of program instructions (e.g., a malicious program) executable by a process virtual machine. The program instructions of process virtual machine are augmented to establish an exception monitoring module within the process virtual machine. When the process virtual machine executes a subject set of program instructions, the exception monitoring module detects a security policy violation exception occurring as a result. In response thereto, the exception monitoring module gathers context information representing circumstances surrounding the occurrence of the exception, and provides the context information for analysis of a presence of malicious code. The exception monitoring module determines, based on a result of the analysis, whether to permit further execution of the subject set of program instructions by the process virtual machine.