Memory space protection

The invention claimed is: 1. A system, comprising: at least one processor; and at least one memory including program code which when executed by the at least one processor provides operations comprising: causing a request sent from a process being executed by a computing device that is directed to an operating system executed by the computing device to be intercepted prior to it being received by the operating system, the request requesting that a portion of memory of the computing device be configured with a memory protection that allows the process to perform a memory operation on the portion of the memory, the operating system being configured to allocate a block or range of memory to the process with different memory protection attributes in response to the request if such request were not intercepted; scanning the portion of the memory to determine that instructions contained therein are malicious; responding, in response to receiving the request and the determination that the memory contains malicious instructions, to the request with a grant; configuring the portion of memory with a reduced memory protection attribute that prohibits, contrary to the requested memory protection attribute, the memory operation from being performed by the process on the portion of the memory; and detecting when the process violates the reduced memory protection attribute by at least attempting, in accordance with the grant, the memory operation prohibited by the reduced memory protection attribute. 2. The system of claim 1 , wherein the requested memory protection attribute allows the process to read, write, and execute at the portion of memory. 3. The system of claim 2 , wherein the reduced memory protection attribute prohibits the process from executing at the portion of memory but allows the process to read and write at the portion of memory. 4. The system of claim 3 , wherein the process violates the reduced memory protection attribute by at least attempting to execute at the portion of the memory. 5. The system of claim 4 , wherein the operations further comprise: in response to detecting that the process violated the reduced memory protection attribute by at least attempting to execute at the portion of the memory, determining whether one or more instructions previously written by the process to the portion of memory are malicious or benign. 6. The system of claim 5 , wherein the scanning is performed by a memory protection system. 7. The system of claim 5 , wherein the operations further comprise: modifying the reduced memory protection attribute to prohibit the process from writing at the portion of memory but to allow the process to read and execute from the portion of memory, when the one or more instructions previously written by the process to the portion of memory are determined to be benign; and detecting when the process violates the reduced memory protection attribute by at least attempting to write at the portion of the memory. 8. The system of claim 7 , wherein the attempt to write at the portion of the memory results from executing the one or more instructions previously written by the process to the portion of memory. 9. The system of claim 8 , wherein the process exhibits self-modifying behavior when the execution of the one or more instructions previously written by the process to the portion of memory results in the attempt to write at the portion of the memory. 10. The system of claim 9 , wherein the operations further comprise: in response to detecting that the process has violated the reduced memory protection attribute by at least attempting to write at the portion of the memory, emulating the one or more instructions previously written by the process to the portion of memory. 11. The system of claim 10 , wherein the emulating of the one or more instructions includes: modifying the reduced memory protection attribute to allow the process to write at the portion of memory, the allowance enabling the process to generate a different instruction stream at the portion of memory; and determining whether the different instruction stream is malicious or benign. 12. The system of claim 11 , wherein the operations further comprise: modifying the reduced memory protection attribute to allow the process to read and execute at the portion of memory but to prohibit the process from writing at the portion of memory, when the different instruction stream is determined to be benign. 13. The system of claim 11 , wherein the operations further comprise: terminating the process, when the different instruction stream is determined to be malicious. 14. The system of claim 1 , wherein the request comprises a request to allocate the portion of memory with the requested memory protection attribute or a request to modify an existing memory protection attribute of the portion of memory to the requested memory protection attribute. 15. The system of claim 1 , wherein the request is sent from the process to an operating system, and wherein the receiving of the request comprises intercepting the request sent from the process. 16. The system of claim 15 , wherein configuring the portion of the memory with the reduced memory protection attribute includes sending, to the operating system, a different request to configure the portion of memory with the reduced memory protection, the different request being sent to the operating system instead of the intercepted request. 17. The system of claim 15 , wherein the detecting comprises detecting a fault generated at the operating system, the fault indicating that the process violated the reduced memory protection attribute by at least attempting the memory operation prohibited by the reduced memory protection attribute. 18. A computer-implemented method comprising: causing a request sent from a process being executed by a computing device that is directed to an operating system executed by the computing device to be intercepted prior to it being received by the operating system, the request requesting that a portion of memory of the computing device be configured with a memory protection that allows the process to perform a memory operation on the portion of the memory; receiving the request; scanning the portion of the memory to determine that instructions contained therein are malicious; responding, in response to receiving the request and the determination that the memory contains malicious instructions, with a grant to the process without notifying the operating system such that the process remains unaware of the interception of the request and a configuration of a reduced memory protection attribute; configuring, in response and subsequent to receiving the request, the portion of memory with a reduced memory protection attribute that prohibits, contrary to the requested memory protection attribute, the memory operation from being performed by the process on the portion of the memory; and detecting when the process violates the reduced memory protection attribute by at least attempting, in accordance with the grant, the memory operation prohibited by the reduced memory protection attribute. 19. The method of claim 18 , wherein the requested memory protection attribute allows the process to read, write, and execute at the portion of memory. 20. A non-transitory computer product storing instructions which, when executed by at least one data processor, result in operations comprising: causing a request sent from a process being executed by a computing device that is di