This document proposes a new security architecture that uses access control lists (ACLs) to prevent malware execution. Instead of scanning files for signatures like traditional antivirus software, it intercepts process execution and checks the process name and file hash against the ACL. If approved, the process runs; if not, execution is blocked. This just-in-time detection approach is more efficient than scanning and consumes less memory and system resources than traditional antivirus software. The approach was implemented using C# to intercept process initiation on Windows. Analysis showed the proposed system uses significantly less memory than other applications and antivirus software.