Systems and methods for universal interception of events. The methods involve: intercepting functions performed by an OS object manager which specify Physical Events (“PEs”) occurring therein, each PE comprising a real-time event occurring in an OS in runtime; obtaining PE information indicating which PEs are specified by the intercepted functions being performed by the OS object manager; analyzing the PE information to identify Virtual Events (“VEs”) which are associated with each PE, where each VE comprises an event occurring when one of a plurality of operations is performed by an OS subsystem which facilitates an occurrence of a respective PE; filtering VE information specifying the VEs identified as being associated with the PEs so as to generate filtered information specifying only select ones of the VEs; and placing the filtered information is a queue for subsequent processing to detect malware threats to a computing device.