Security wrappers for Windows NT/2000 encapsulate program execution to monitor their run-time behavior and ensure that they don't do anything harmful. Wrappers have be developed to ensure that email attachments can be safely opened, that web content can be safely viewed, downloaded, and executed, and that active content in office documents can be safely executed. The wrappers can be directed to allow the execution of operations that violate security rules to safely continue by virtualizing their operation so that the effects are contained within the executing process and are not visible to any other process. This ensures that processes run within their prescribed security policy (relative to the real resources protected by that security policy) without user intervention or control. Violations of that security policy are automatically and transparently contained without user involvement or knowledge. This fully autonomic safety policy eliminates the configuration problem that has plagued existing behavior monitoring systems.