Abstract: A method for protecting a computer, including receiving a data block, discovering code within the data block that can be disassembled for a machine instruction, building an execution path from the machine instructions, including parsing the machine instructions, and following the flow of the execution path, including conditional and unconditional branches of the machine instructions, validating an incremented location by scanning the execution path for machine instructions that increment a register that stores a location on the execution path, finding a self-modifying artifact by scanning remaining machine instructions in the execution path for an arithmetic or logic operation performed on a register that currently or previously held a location in the incremented location, finding a modified loop index by scanning remaining machine instructions in the execution path for registers that hold a loop value that is incremented or decremented, and blocking the data when finding the modified loop index.
Type: Grant
Filed: October 10, 2018
Date of Patent: May 12, 2020
Assignee: Solebit Labs Ltd.
Inventors: Meni Farjon, Boris Vaynberg, Yossi Sara

Abstract: A method that includes receiving a data entity by the computer; storing the data entity in a first sector of the memory; wherein the first sector is isolated from another memory sector and executable code in the first sector is prevented from performing a write action to the other memory sector; generating, by the processor, an intermediate representation of the data entity; searching, by the processor, for an executable code that was not expected to be included in the data entity in the intermediate representation of the data entity; and when finding the executable code that was not expected to be included in the data entity then preventing a copying of the data entity to the other memory sector.
Type: Grant
Filed: August 27, 2015
Date of Patent: November 6, 2018
Assignee: Solebit Labs Ltd.
Inventors: Meni Farjon, Boris Vaynberg, Yossi Sara