Techniques for securing applications and operating systems are provided. In an embodiment, the system notifies a user that a security enforcement action is being taken even though the condition prompting the action is detected by a security engine that executes in kernel mode. The security engine enforces security policies that help to ensure that a vulnerability of an application or operating system cannot be exploited. In an embodiment, the security system may solicit input from a user relating to a security enforcement action even though the condition prompting the action is detected by a security engine that executes in kernel mode. Security policies may be defined as sets of rules, each having a condition and an action. The security system thus enables kernel mode components to provide notifications to a user or solicit input from the user.