Systems and methods for protecting web conferences from intruders

US12101323B2 · US · B2

Patent metadata
Publication number: US-12101323-B2
Application number: US-202117527836-A
Country: US
Kind code: B2
Filing date: Nov 16, 2021
Priority date: Dec 23, 2020
Publication date: Sep 24, 2024
Grant date: Sep 24, 2024

Abstract

Official abstract text for this publication.

Disclosed herein are systems and methods for providing network protection for web-based conferencing services. In one aspect, an exemplary system comprises, a device comprising a processor, an operating system (OS) operable in a user mode and a kernel mode, and a kernel driver for performing operations while the OS is in kernel mode, the kernel driver configured to: monitor file operations that involve objects belonging to a web conferencing service, receive a request from an application executing in a user mode, the request being for an operation to be executed in the kernel mode, when the operation involves at least one object belonging to the web conferencing service, request for an authorization from a protection service executing in the user mode, and allow the operation to be performed only when the authorization is received from the protection service.

First claim

Opening claim text (preview).

The invention claimed is:

1. A method for providing network protection for web-based conferencing services, the method comprising: monitoring, by a kernel driver and a file system and registry filter, file operations to detect operations that involve objects belonging to a web conferencing service; receiving, by the kernel driver, a request from an application executing in a user mode, the request being for an operation to be executed in the kernel mode; when the operation involves at least one object belonging to the web conferencing service, requesting, by the kernel driver, for an authorization from a protection service executing in the user mode, wherein the at least one object is a registry item and the operation is modifying the registry item, wherein the protection service is configured to deny the request in response to detecting, using a plurality of rules, that modifying the registry item is associated with enabling access to a meeting without permission or direct invitation; and allowing, by the kernel driver, the operation to be performed only when the authorization is received from the protection service.

2. The method of claim 1, wherein the monitoring is to detect file operations that perform at least one of: injecting processes, modifying registry keys in an operating system of the user endpoint device, and modifying at least one process of the web conferencing service.

3. The method of claim 1, wherein the authorization is based on the application from which the request is received.

4. The method of claim 1, further comprising: using a callback registration driver to register control callbacks which are called at process creation; and using the registered control callbacks for restricting access rights for creating processes and for actions during an open process.

5. The method of claim 1, wherein an authorization for injecting of codes into running processes is based on verifications of signatures of running processes.

6. The method of claim 1, wherein the protection service provides the authorization when the file operation is received from the application from an entity with a valid certificate.

7. The method of claim 1, wherein the monitoring further comprises: monitoring to detect operations that access memory designated for confidential or personal information.

8. The method of claim 1, wherein the protection service is further configured to deny the request in response to: detecting, using the plurality of rules, that modifying the registry item is associated with activating a camera and/or microphone of a computing device executing an application of the web conferencing service, or storing a recording in a storage location accessible without permission.

9. The method of claim 1, wherein the object is a file comprising code that controls transmission of audio and video content captured via the web conferencing service, wherein the operation comprises modifying the file, and wherein the protection service is configured to block modification of the file if the modifying is requested by an unauthorized entity.

10. A system of a device for providing network protection for web-based conferencing services, comprising: a hardware processor; an operating system (OS) operable in a user mode and a kernel mode; and a kernel driver configured to: monitor file operations that involve objects belonging to a web conferencing service; receive a request from an application executing in a user mode, the request being for an operation to be executed in the kernel mode; when the operation involves at least one object belonging to the web conferencing service, request for an authorization from a protection service executing in the user mode, wherein the at least one object is a registry item and the operation is modifying the registry item, wherein the protection service is configured to deny the request in response to detecting, using a plurality of rules, that modifying the registry item is associated with enabling access to a meeting without permission or direct invitation; and allow the operation to be performed only when the authorization is received from the protection service.

11. The system of claim 10, wherein the monitoring is to detect file operations that perform at least one of: injecting processes, modifying registry keys in an operating system of the user endpoint device, and modifying at least one process of the web conferencing service.

12. The system of claim 10, the authorization is based on the application from which the request is received.

13. The system of claim 10, wherein the kernel driver is further configured to: use a callback registration driver to register control callbacks which are called at process creation; and use the registered control callbacks for restricting access rights for creating processes and for actions during an open process.

14. The system of claim 10, wherein an authorization for injecting of codes into running processes is based on verifications of signatures of running processes.

15. The system of claim 10, wherein the protection service provides the authorization when the file operation is received from the application from an entity with a valid certificate.

16. The system of claim 10, wherein the kernel driver is further configured to: monitor to detect operations that access memory designated for confidential or personal information.

17. The system of claim 10, wherein the protection service is further configured to deny the request in response to: detecting, using the plurality of rules, that modifying the registry item is associated with activating a camera and/or microphone of a computing device executing an application of the web conferencing service, or storing a recording in a storage location accessible without permission.

18. The system of claim 10, wherein the object is a file comprising code that controls transmission of audio and video content captured via the web conferencing service, wherein the operation comprises modifying the file, and wherein the protection service is configured to block modification of the file if the modifying is requested by an unauthorized entity.

19. A non-transitory computer readable medium storing thereon computer executable instructions for providing network protection for web-based conferencing services, including instructions for: monitoring, by a kernel driver and a file system and registry filter of a user endpoint device, file operations to detect operations that involve objects belonging to a web conferencing service; receiving, by the kernel driver, a request from an application executing in a user mode, the request being for an operation to be executed in the kernel mode; when the operation involves at least one object belonging to the web conferencing service, requesting, by the kernel driver, for an authorization from a protection service executing in the user mode, wherein the at least one object is a registry item and the operation is modifying the registry item, wherein the protection service is configured to deny the request in response to detecting, using a plurality of rules, that modifying the registry item is associated with enabling access to a meeting without permission or direct invitation; and allowing, by the kernel driver, the operation to be performed only when the authorization is received from the protection service.

Classifications

  • for managing network security; network security policies in general (filtering policies H04L63/0227)

  • during internet communication, e.g. revealing personal data from cookies

  • to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself

  • Entity profiles

  • Arrangements for multi-party communication, e.g. for conferences (data switching systems for conference H04L12/18; arrangements for connecting several subscribers to a common circuit, i.e. affording conference facilities H04M3/56; television conferencing systems H04N7/15)

Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
Acronis Int Gmbh
What technology area does this patent fall under?
Primary CPC classification H04L63/101. Mapped technology areas include Electricity.
When was this patent published?
Publication date Sep 24, 2024 (B2). Legal status and post-grant events are not shown on this page.