Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
EXAMINER'S AMENDMENT
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.

Authorization for this examiner’s amendment was given in an interview with Angelo Gaz on November 9, 2021.










The application has been amended as follows: 
1.  (Currently amended) A method for detecting malicious code existing in computer code received by a client computer from a client side injection vector, the method comprising the client computer:
detecting receipt of computer code received from a client side injection vector and being displayed by the client computer to a user in a published webpage, the computer code having malicious code configured to cause a browser unwanted action in the browser when executed;
	wherein the client side injection vector is one of: 
		a network connection vector that monitors network traffic of the browser and that injects a malicious script into the computer code,
		a browser extension vector of the browser that monitors the browser and that injects a malicious script onto the webpage,
		a local virus vector that accesses a computer operating system of the client computer to proxy web traffic and that injects a malicious script onto the webpage;
executing the computer code and the malicious code in a browser sandbox of the client computer that activates the unwanted action of the malicious code, that displays execution of the computer code and the malicious code to the user, and that stops execution of the unwanted action if a security error resulting from the unwanted action is detected;
wherein the unwanted action causes a browser unwanted action without user action and causes the security error when the unwanted action occurs; 
detecting whether the security error resulting from the unwanted action exists; 
based on a type of the security error, detecting a type of client side injection vector that the computer code was received from; and 
	when the security error exists, discontinuing executing the malicious code in the browser sandbox, discontinuing displaying the malicious code on the display, and stopping execution of the unwanted action.


10. (Currently amended) A non-transitory machine readable medium storing a program having instructions which when executed by a processor will cause the processor of a client computer to detect malicious code existing in computer code received by the client computer from a client side injection vector, the instructions of the program for: 
detecting receipt of computer code received from a client side injection vector and being displayed by the client computer to a user in a published webpage, the computer code having malicious code configured to cause a browser unwanted action in the browser when executed;
	wherein the client side injection vector is one of: 
		a network connection vector that monitors network traffic of the browser and that injects a malicious script into the computer code,
		a browser extension vector of the browser that monitors the browser and that injects a malicious script onto the webpage,
		a local virus vector that accesses a computer operating system of the client computer to proxy web traffic and that injects a malicious script onto the webpage;
executing the computer code and the malicious code in a browser sandbox of the client computer that activates the unwanted action of the malicious code, that displays execution of the computer code and the malicious code to the user, and that stops execution of the unwanted action if a security error resulting from the unwanted action is detected;
wherein the unwanted action causes a browser unwanted action without user action and causes the security error when the unwanted action occurs; 
detecting whether the security error resulting from the unwanted action exists;
based on a type of the security error, detecting a type of client side injection vector that the computer code was received from; and 
	when the security error exists, discontinuing executing the malicious code in the browser sandbox, discontinuing displaying the malicious code on the display, and stopping execution of the unwanted action.

19.  (Currently amended) A client computer system for detecting malicious code existing in computer code received by the client computer from a third party, the system comprising:
	the client computer having protection code instructions to:
	detect receipt of computer code received from a client side injection vector and being displayed by the client computer to a user in a published webpage, the computer code having malicious code configured to cause a browser unwanted action in the browser when executed;
		wherein the client side injection vector is one of: 
			a network connection vector that monitors network traffic of the browser and that injects a malicious script into the computer code,
			a browser extension vector of the browser that monitors the browser and that injects a malicious script onto the webpage,
			a local virus vector that accesses a computer operating system of the client computer to proxy web traffic and that injects a malicious script onto the webpage;
	execute the computer code and the malicious code in a browser sandbox of the client computer that activates the unwanted action of the malicious code, that displays execution of the computer code and the malicious code to the user, and that stops execution of the unwanted action if a security error resulting from the unwanted action is detected;
	wherein the unwanted action causes a browser unwanted action without user action and causes the security error when the unwanted action occurs; 
	detect whether the security error resulting from the unwanted action exists; 
	based on a type of the security error, detecting a type of client side injection vector that the computer code was received from; and 
		when the security error exists, discontinue executing the malicious code in the browser sandbox, discontinue displaying the malicious code on the display, and stopping execution of the unwanted action.



Any inquiry concerning this communication or earlier communications from the examiner should be directed to BRANDON S HOFFMAN whose telephone number is (571)272-3863. The examiner can normally be reached Monday-Friday 8:30AM-5:00PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Pwu can be reached on (571)272-6798. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/BRANDON S HOFFMAN/Primary Examiner, Art Unit 2433