Abstract: A method for asynchronous processing of system calls, including detecting a system call on a computer system; filtering the system call to determine when the system call call matches a filter parameter; making a copy of the system call and asynchronously asynchronously processing the system call copy, if the system call does not pass through at through at least one filter, and the filter parameter does not match the system call; placing placing the system call into a queue; releasing the system call after an anti-virus (AV) (AV) check of the system call copy and terminating an object that caused the system call call when the AV check reveals that the system call is malicious; and for an object associated with the system call that has behavior differences compared to a previous known known non-malicious version of the object but also similarities to the previous known non-known non-malicious object, classifying the object as non-malicious.