EXAMINER'S AMENDMENT

An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.

Authorization for this examiner’s amendment was given in an interview with Applicants’ attorney, Mr. Robert Mazzarese, reg. 42,852, on 03/19/2021.
The application has been amended as follows: 

1.  (Currently amended) A computer program product for controlling a firewall, the computer program product comprising computer executable code embodied in a non-transitory computer readable medium that, when executing on an endpoint, performs the steps of:
	storing a process cache in a kernel space of an operating system on the endpoint, the endpoint having a memory that includes the kernel space and a user space and the process cache storing a name, a path and a type for each of a number of processes executing in the user space, wherein the kernel space storing the process cache is protected against manipulation by processes executing in the user space;
	monitoring network traffic to and from the endpoint from a kernel driver executing in the kernel space;
	detecting a network communication between one of the processes and a remote resource with the kernel driver; 
	in response to detecting the network communication, retrieving, from the process cache in the kernel space, the name, the path and the type for the one of the processes from the process ; and
	applying a firewall rule based on the name, the path, and the type for the one of the processes.

5.  (Currently amended) A method comprising:
	storing a process cache in a kernel space of an operating system on an endpoint, the endpoint having a memory that includes the kernel space and a user space and the process cache storing process data for a process executing in the user space including at least a name, a path, and a type for the process, wherein the kernel space storing the process cache is protected against manipulation by processes executing in the user space;
	monitoring network traffic to and from the endpoint with a kernel driver;
	detecting a network communication between the process and a remote resource with the kernel driver; 
	in response to detecting the network communication, retrieving, from the process cache in the kernel space, the process data including the name, the path, and the type with the kernel driver and transmitting the process data to a firewall for the endpoint; and
	applying a firewall rule to the network communication based on the process data.

6.  (Currently amended) The method of claim 5 wherein the 

7.  (Canceled).

9.  (Canceled)

16.  (Currently amended) A system comprising:
	an endpoint having a memory and an operating system that organizes the memory into a user space and a kernel space;
	a process cache in the kernel space of the operating system, the process cache storing process data including at least a name, a path, and a type for a process executing in the user space, wherein the kernel space storing the process cache is protected against manipulation by processes executing in the user space; and
	a kernel driver in the kernel space of the operating system, the kernel driver configured to monitor network traffic to and from the endpoint, to detect a network communication between the process and a remote resource, and, in response to detecting the network communication, to retrieve, from the process cache in the kernel space, the process data including the name, the path, and the type for the process and to transmit the process data to the firewall, wherein the firewall applies a firewall rule to the network communication based on the process data.

18.  (Currently amended) The system of claim 16 wherein the 

19.  (Canceled).

21.  (New) The system of claim 16 wherein the firewall includes a remote firewall coupled to the endpoint through a data network.

22.  (New) The system of claim 16 wherein the firewall includes a local firewall executing on the endpoint.

23.  (New) The system of claim 16 wherein the endpoint transmits a unique identifier for use by the firewall in identifying the process as a source of the network communication.
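
The data flow recited in claims 1, 5 and 16, as an added illustration that is not part of the amendment or the application: a user-space C model in which a network event is attributed to a process, the cached name, path and type are retrieved, and a rule matching all three fields decides the verdict. Every identifier, path, type value and the block-on-miss default are assumptions of this example.

```c
#include <stdio.h>
#include <string.h>

/* User-space model of the claimed data flow; all names here are hypothetical. */
enum proc_type { PT_BROWSER, PT_SERVICE };
enum verdict { FW_ALLOW, FW_BLOCK };
struct proc_entry { int pid; const char *name, *path; enum proc_type type; };
struct fw_rule { const char *name, *path; enum proc_type type; enum verdict action; };

/* Constructed sample process cache (kernel-resident in the claims). */
static const struct proc_entry process_cache[] = {
    { 1200, "browser", "/usr/bin/browser",  PT_BROWSER },
    { 1344, "browser", "/tmp/browser",      PT_BROWSER }, /* same name, other path */
    {  310, "updater", "/usr/sbin/updater", PT_SERVICE },
};
/* Constructed sample rules: each matches on name, path and type together. */
static const struct fw_rule rules[] = {
    { "browser", "/usr/bin/browser",  PT_BROWSER, FW_ALLOW },
    { "updater", "/usr/sbin/updater", PT_SERVICE, FW_ALLOW },
};

/* "Retrieving": find the cached entry for the process that owns the traffic. */
static const struct proc_entry *cache_lookup(int pid)
{
    for (size_t i = 0; i < sizeof process_cache / sizeof process_cache[0]; i++)
        if (process_cache[i].pid == pid)
            return &process_cache[i];
    return NULL;
}

/* "Applying a firewall rule": first full match wins; misses are blocked (assumed). */
enum verdict on_network_event(int pid)
{
    const struct proc_entry *p = cache_lookup(pid);
    if (p == NULL)
        return FW_BLOCK;
    for (size_t i = 0; i < sizeof rules / sizeof rules[0]; i++)
        if (strcmp(rules[i].name, p->name) == 0 &&
            strcmp(rules[i].path, p->path) == 0 && rules[i].type == p->type)
            return rules[i].action;
    return FW_BLOCK;
}

int main(void)
{
    const int pids[] = { 1200, 1344, 310, 9999 }; /* 9999 is not in the cache */
    for (size_t i = 0; i < sizeof pids / sizeof pids[0]; i++)
        printf("pid %d -> %s\n", pids[i], on_network_event(pids[i]) == FW_ALLOW ? "allow" : "block");
    return 0;
}
```

In this model the second `browser` entry shares a name and type with the allowed one but runs from a different path, so it matches no rule and is blocked.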


Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to DUSTIN NGUYEN whose telephone number is (571)272-3971.  The examiner can normally be reached on Monday-Friday 9-6 PST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Brian Gillis, can be reached on 571-2727952.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/DUSTIN NGUYEN/Primary Examiner, Art Unit 2446