US 7,512,977 B2
Intrusion protection system utilizing layers
Randall R. Cook, Springville, Utah (US); Dwain A. Kinghorn, Highland, Utah (US); and Michael E. Sainsbury, Willoughby (Australia)
Assigned to Symantec Corporation, Cupertino, Calif. (US)
Filed on Mar. 16, 2005, as Appl. No. 11/81,856.
Application 11/081856 is a continuation in part of application No. 10/459936, filed on Jun. 11, 2003, granted, now 7,117,495.
Prior Publication US 2005/0257265 A1, Nov. 17, 2005
This patent is subject to a terminal disclaimer.
Int. Cl. G06F 11/30 (2006.01)
U.S. Cl. 726—22  [726/23] 20 Claims
 
1. An Intrusion Protected Layered System for isolating intrusive attacks on a computing system in isolation layers, those attacks including modifications to at least files on the computing system, comprising:
a computing system, said computing system capable of executing processes;
at least one storage device;
at least one file system located to said storage devices; and
computer executable instructions stored to said storage devices, said instructions executable by said computing system to perform the functions of:
(i) identifying running processes, said identifying optionally occurring as the processes are initiated,
(ii) assigning processes categorizations of trust, the categorizations of trust providing at least one “suspicious” categorization for processes at a level of suspicion sufficient to isolate write requests and at least one other categorization for other processes permitted to write to a file system or other storage container,
(iii) operating at least one isolation layer capable of containing file objects,
(iv) assigning an isolation layer to each process categorized under a “suspicious” categorization,
(v) for processes categorized under a “suspicious” categorization, directing write requests into the isolation layer assigned for those processes,
(vi) for processes not categorized under a “suspicious” categorization, permitting write requests to be written to a file system or other storage container rather than an isolation layer, and
(vii) providing access to file objects located in isolation layers, the access being provided to at least the processes assigned to each corresponding isolation layer.
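The write-redirection behaviour recited in steps (ii) through (vii), as an added in-memory model that is not code from the patent or from Symantec. The class, method and path names are hypothetical, process identification in step (i) is assumed to have happened already, and treating an uncategorized process as "suspicious" is an assumption of this sketch rather than something the claim states.

```python
from enum import Enum

class Trust(Enum):
    TRUSTED = "trusted"
    SUSPICIOUS = "suspicious"

class LayeredFS:
    """Hypothetical model: one base file system plus per-process isolation layers."""
    def __init__(self, base_files):
        self.base = dict(base_files)   # the real file system
        self.trust = {}                # pid -> Trust, step (ii)
        self.layer_of = {}             # pid -> layer id, step (iv)
        self.layers = {}               # layer id -> {path: data}, step (iii)

    def categorize(self, pid, trust):
        """Steps (ii) and (iv): record trust; give a suspicious pid its own layer."""
        self.trust[pid] = trust
        if trust is Trust.SUSPICIOUS and pid not in self.layer_of:
            layer_id = f"layer-{pid}"
            self.layers[layer_id] = {}
            self.layer_of[pid] = layer_id

    def write(self, pid, path, data):
        """Steps (v) and (vi): redirect suspicious writes, pass others through."""
        if pid not in self.trust:
            # Assumption of this sketch: unknown processes fail closed.
            self.categorize(pid, Trust.SUSPICIOUS)
        if self.trust[pid] is Trust.SUSPICIOUS:
            self.layers[self.layer_of[pid]][path] = data
            return self.layer_of[pid]
        self.base[path] = data
        return "base"

    def read(self, pid, path):
        """Step (vii): a suspicious process sees its own layer over the base."""
        if self.trust.get(pid) is Trust.SUSPICIOUS:
            layer = self.layers[self.layer_of[pid]]
            if path in layer:
                return layer[path]
        return self.base.get(path)

def demo():
    # Constructed sample data: one existing file, one trusted and one suspicious pid.
    fs = LayeredFS({"/etc/hosts": "original"})
    fs.categorize(100, Trust.TRUSTED)
    fs.categorize(200, Trust.SUSPICIOUS)
    fs.write(200, "/etc/hosts", "tampered")   # lands in layer-200 only
    fs.write(100, "/tmp/report", "ok")        # lands in the base file system
    return fs

if __name__ == "__main__":
    fs = demo()
    print(fs.read(200, "/etc/hosts"), "|", fs.read(100, "/etc/hosts"))
```

In this model, discarding `layer-200` removes every modification the suspicious process made while the base file system stays untouched.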