Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
	Claims 1-20 are presented for examination.
EXAMINER’S AMENDMENT
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Authorization for this examiner’s amendment was given in an interview with Mr. Stephen A Terrile (Reg. No.: 32946) on 29 October 2021.
The application has been amended as follows: 

1.	(Currently Amended)	A computer-implementable method for adaptively assessing risk associated with an endpoint, comprising:  
determining a risk level corresponding to an entity associated with an endpoint, the endpoint comprising an endpoint agent executing on a hardware processor of the endpoint; 
selecting a frequency and a duration of an endpoint monitoring interval; 
collecting user behavior associated with the entity for the duration of the endpoint monitoring interval via the endpoint; 
processing the user behavior to generate a current risk score for the entity; 
comparing the current risk score of the [[user]] entity to historical risk scores to determine whether a risk score of the entity has changed; [[and]] 
changing the risk score of the [[user]] entity to the current risk score when the risk score of the [[user]] entity has changed;
decreasing the frequency of the endpoint monitoring interval when the current risk scores of the entity remain substantially the same over a plurality of endpoint monitoring intervals; 
increasing the frequency of the endpoint monitoring interval when the current risk scores of the entity increase over a plurality of endpoint monitoring intervals; and,
remediating a risk associated with the entity, the remediating the risk being based upon the risk score of the entity, the remediating the risk being performed via one of the endpoint and a security analytics system, the security analytics system executing on a hardware processor of an information handling system.  

5-6.	(Canceled)

7.	(Currently Amended)	A system comprising:  
a processor;  
a data bus coupled to the processor; and 
a non-transitory, computer-readable storage medium embodying computer program code, the non-transitory, computer-readable storage medium being coupled to the data bus, the computer program code interacting with a plurality of computer operations and comprising instructions executable by the processor and configured for: 
determining a risk level corresponding to an entity associated with an endpoint, the endpoint comprising an endpoint agent executing on a hardware processor of the endpoint; 
selecting a frequency and a duration of an endpoint monitoring interval; 

processing the user behavior to generate a current risk score for the entity; 
comparing the current risk score of the [[user]] entity to historical risk scores to determine whether a risk score of the entity has changed; [[and]]
changing the risk score of the [[user]] entity to the current risk score when the risk score of the [[user]] entity has changed;
decreasing the frequency of the endpoint monitoring interval when the current risk scores of the entity remain substantially the same over a plurality of endpoint monitoring intervals;
increasing the frequency of the endpoint monitoring interval when the current risk scores of the entity increase over a plurality of endpoint monitoring intervals; and,
remediating a risk associated with the entity, the remediating the risk being based upon the risk score of the entity, the remediating the risk being performed via one of the endpoint and a security analytics system, the security analytics system executing on a hardware processor of an information handling system.  

11-12.	(Canceled) 

13.	(Currently Amended)	A non-transitory, computer-readable storage medium embodying computer program code, the computer program code comprising computer executable instructions configured for:  
determining a risk level corresponding to an entity associated with an endpoint; 

collecting user behavior associated with the entity for the duration of the endpoint monitoring interval via the endpoint, the endpoint comprising an endpoint agent executing on a hardware processor of the endpoint;
processing the user behavior to generate a current risk score for the entity; 
comparing the current risk score of the [[user]] entity to historical risk scores to determine whether a risk score of the entity has changed; [[and]]
changing the risk score of the [[user]] entity to the current risk score when the risk score of the [[user]] entity has changed;
decreasing the frequency of the endpoint monitoring interval when the current risk scores of the entity remain substantially the same over a plurality of endpoint monitoring intervals; 
increasing the frequency of the endpoint monitoring interval when the current risk scores of the entity increase over a plurality of endpoint monitoring intervals; and,
remediating a risk associated with the entity, the remediating the risk being based upon the risk score of the entity, the remediating the risk being performed via one of the endpoint and a security analytics system, the security analytics system executing on a hardware processor of an information handling system.  

17-18.	(Canceled) 
Allowable Subject Matter
Claims 1-4, 7-10, 13-16, 19 and 20 are allowed.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. See PTOL-892.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to DARREN B SCHWARTZ whose telephone number is (571)270-3850. The examiner can normally be reached 9am-7pm EST, Monday-Thursday, 9am-5pm EST, Friday.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Joseph P Hirl can be reached on (571)272-3685. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/DARREN B SCHWARTZ/Primary Examiner, Art Unit 2435