Apparatus, systems, and methods may operate to receive an attack request comprising operating system privilege use instructions associated with a gateway and slave process exploit code instructions. The attack request may be contained by processing the request as a user associated with an assigned slave module processing on the gateway. The slave module is prevented from connecting to or scanning any internet protocol address and port that is not specified in a policy database having network interception policy rules and file system privilege rules associated by a key comprising a slave module operating system identifier associated with the slave module. Additional apparatus, systems, and methods are disclosed.