DETAILED ACTION

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Terminal Disclaimer
The terminal disclaimer filed on September 22, 2021 disclaiming the terminal portion of any patent granted on this application which would extend beyond the expiration date of US 10,621,346 has been reviewed and is accepted. The terminal disclaimer has been recorded.

Allowable Subject Matter
Claims 1-22 are allowed.
The following is an examiner’s statement of reasons for allowance: The present invention is directed to a method and system for reducing threat detection processing based on a comparison of similarity measures associated with both an edited version of a file and a previously processed file. Each independent claim recites the uniquely distinct features of “recognizing that a file is an edited version of a previously processed file; retrieving, from an archive, metadata values and an entropy measure for the previously processed file; parsing the file into metadata values and property groups, taking into account format of the file, and calculating an entropy measure for the file; applying similarity measures to compare the metadata values and the entropy measures for the edited version and the previously processed file; and avoiding full threat scanning of the file to detect malware except when a similarity measure or a combination of the similarity measures reaches a scanning trigger”. The closest prior art references, Li et al. (US 8,806,641) and Scaife et al. (US 20190228153), fail to anticipate or render the above underlined limitations obvious.
	Li teaches a system for detecting malware variants in an application file. Li's system compares an application package file to a known malware package file to determine if a threat is present. Li’s system fails to teach or suggest comparing similarity measures of the metadata values, entropy and hashes of the edited version of a file to similarity measures of the metadata values, entropy and hashes of the previously processed file to determine if the system needs to do a full threat scan of the edited file.
	Scaife teaches a system for detecting malware through monitoring data transformations. Scaife’s system compares similarity-preserving hash functions of a file before modification and after modification. Scaife’s system fails to teach or suggest determining if the system needs to do a full threat scan of the modified file based on the comparison of the similarity values of the two files.
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee. Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”

Conclusion

Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kristine Kincaid can be reached on 571-272-4063. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/MATTHEW SMITHERS/
Primary Examiner
Art Unit 2437