Do any HIPS or sandboxes offer a way to filter kernel calls, i.e. blocking specific kernel calls based on per-application rules? Is it even possible to do so with a loadable driver? More importantly, is it practical? I know that Windows does a lot of stuff in kernel space, so I could see where this might not be a reasonable approach. Also, there are (I think?) kernel calls, e.g. for memory allocation, that should not be blocked. Even so: could one block certain calls to the NT kernel on a per-application basis, as a stopgap measure for dealing with zero-day kernel holes (à la seccomp)?