This article describes theoretic design and implementation of a network model for protecting computer network users from malicious software. Data stream analysis is realized as a “man in the middle” service. The implementation also suppresses threat of DDoS attacks originating in stations of the protected segment of network. The model is implemented as socks proxy server in C/C++ programming language. Main functionality is verifying downloaded files against Cloud AV system and databases of malware and phishing websites. Files that are not binary and still can become source of an infection are checked using file type analyzer. The implementation is appropriate for deployment by internet service providers. It includes methods for data stream optimization and database structure representing known results of previous inspections. SmartScreen, a closed source protocol created by Microsoft was analyzed using reverse engineering methods for purpose of using Microsoft cloud database.