DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claims 1-10 are rejected under 35 U.S.C. 101 because the claims are directed to non-statutory subject matter for failure to recite hardware in the claims. In the absence of such recitation, the claims are interpreted as software per se, which is non-statutory subject matter. Appropriate correction is required.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Adams et al. (US-20180204003), and further in view of Titonis et al. (US-20180025157).
Referring to claims 1, 11 and 15:
	Regarding claims 1, 11 and 15, Adams teaches a method comprising: downloading at least a first software package to a directory associated with a first application, wherein the first application is associated with known behavior (Para 40, 59 and 60…. downloaded object and determining actual/known behavior); associating the first software package with the first application in a controlled execution environment (Para 42 and 43…. test environment); based on monitoring execution of the first application with the first software package associated therewith, recording indications of behavior of the first application that deviate from the known behavior of the first application (Para 79 and 80…. deviation of test behavior from actual/known behavior); determining a software package score for the first software package based on the recorded indications of behavior deviations (Para 81 and 82….. determining maliciousness/risk posed by the object based on the recorded deviation between the test and actual behavior); and generating report data that comprises the software package score and the recorded indications of behavior deviations (Para 85…. providing an indication/report of maliciousness to an administrator based on the deviation).  
	Adams is silent with respect to a score based on the behavior deviations which indicates maliciousness. However, a threat score based on maliciousness of an application is well known in the art as disclosed by Titonis (Para 408… numerical score that indicates maliciousness of an executable). Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Adams by adding a threat score to indicate the level of maliciousness of an application as taught by Titonis for the purpose of securing the system against malicious executables.

Referring to claims 2 and 16:
	Regarding claims 2 and 16, the combination of Adams and Titonis teaches the method of claim 1, further comprising performing a security analysis of the first application with the first software package associated therewith, wherein determining the software package score for the first software package is based on results of the security analysis (See Adams, Para 44…. security analysis).  
a.	Referring to claims 3, 12 and 17:
	Regarding claims 3, 12 and 17, the combination of Adams and Titonis teaches the method of claim 2, wherein the security analysis comprises at least one of a dynamic analysis and a static analysis (See Adams, Para 44).  
a.	Referring to claims 4, 13 and 19:
	Regarding claims 4, 13 and 19, the combination of Adams and Titonis teaches the method of claim 1, further comprising: comparing the software package score with a threshold (See Adams, Para 81-84 and 93… comparison of the test behavior to actual behavior); and based on determining that the software package score satisfies the threshold, indicating, in the generated report data, that the first software package is malicious (See Adams, Para 81-85 and 93…. indicating maliciousness based on the comparison)  
a.	Referring to claims 5 and 18:
	Regarding claims 5 and 18, the combination of Adams and Titonis teaches the method of claim 1, wherein determining the software package score comprises determining scores assigned to each of the recorded indications of behavior -Page 22 of 27-Docket Number: 114.PALO-01232-US-NP deviations and determining the software package score for the first software package based on an aggregate of the scores (See Titonis, Para 423-425……. aggregating scores per category).  
Referring to claim 6:
	Regarding claim 6, the combination of Adams and Titonis teaches the method of claim 1 further comprising adjusting the software package score based on a reputation multiplier, wherein the reputation multiplier is determined based on metadata of the first software package (See Titonis, Para 408… risk score over an application binary).  
a.	Referring to claim 7:
	Regarding claim 7, the combination of Adams and Titonis teaches the method of claim 1, wherein the controlled execution environment comprises a sandbox, and wherein monitoring execution of the first application comprises monitoring execution of the first application in the sandbox (See Adams, Para 43).  
a.	Referring to claims 8 and 20:
	Regarding claims 8 and 20, the combination of Adams and Titonis teaches the method of claim 1, wherein associating the first software package with a first application in a controlled execution environment comprises associating the first software package with the first application in the controlled execution environment based, at least in part, on a programming language of the first software package (See Adams, Para 39 and 45…. object/executable type which specifies the language they are programmed).  
a.	Referring to claim 9:
	Regarding claim 9, the combination of Adams and Titonis teaches the method of claim 1, further comprising storing the generated report data in a repository, wherein the repository is indexed by at least one of software package name and software package version number (See Adams, Para 23 and 85…. storing the maliciousness indication).  
a.	Referring to claims 10 and 14:

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to IZUNNA OKEKE whose telephone number is (571)270-3854. The examiner can normally be reached Mon - Fri 8 - 4 EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, ELENI SHIFERAW can be reached on (571) 272-3867. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/IZUNNA OKEKE/Primary Examiner, Art Unit 2497