Anti-virus software is a most common method for protecting the security of Desktop operating system. However, they fall prey to a number of shortcomings such as fully depend on and need to update the virus-database frequently, long scanning time, and their inability to prevent the unknown attacks. Aiming at these, in this paper we propose a novel anomaly behavior blocking approach based on the process behavior reflected in operating system kernel, and introduce an adaptive sliding window to trace the whole process behavior sequence dynamically, two security indices, Normal-Density and Abnormal-Density are also put forward to evaluate the security status of process. By introducing them into the Network Entropy theory, we can make certain the blocking occasion and the blocking granularity accurately. Compared to the traditional blocking models based on fixed window, the experimental results show that this approach can block malicious behavior more effectively as well as drastically.