DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
EXAMINER’S AMENDMENT
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Authorization for this examiner’s amendment was given in an interview with Katie Koebrich on 02/07/2022.
The application has been amended as follows: Claims 1, 6, 11, 15 are amended. Claims 5 and 18 are cancelled. Claims 21 and 22 and new.
1.	(Currently Amended) A method comprising:
downloading at least a first software package to a directory associated with a first application, wherein the first application is associated with known behavior; 
associating the first software package with the first application in a controlled execution environment;
based on monitoring execution of the first application with the first software package associated therewith in the controlled execution environment, determining one or more behaviors attributable to the first software package based on the one or more behaviors deviating from the known behavior of the first application; 
determining a software package score for the first software package based on determining scores assigned to each of the one or more behaviors attributable to the first software package and determining an aggregate of the scores;
determining if the software package score should be adjusted based on a reputation of the first software package;
based on determining that the software package score should be adjusted, adjusting the software package score based on a reputation multiplier; and
generating report data that comprises the software package score and indications of the one or more behaviors. 
5.	(Cancelled) 
6.	(Currently Amended) The method of claim 1 further comprising determining the reputation multiplier 
11.	(Currently Amended) A non-transitory, computer-readable medium having instructions stored thereon that are executable by a computing device to
for each software package of a plurality of software packages retrieved for analysis, 
based on association of the software package with an application, monitor execution of the application having the software package associated therewith in a controlled environment, wherein the application is associated with known behavior;
perform a security analysis of the application with the software package associated therewith based, at least in part, on indications of behaviors of the application having the software package associated therewith that were recorded from execution of the application;
determine that a first of the indications of behaviors comprises a deviation from the known behavior of the application and is attributable to the software package;
determine a software package score for the software package based, at least in part, on a score assigned to the first indication of behavior; 
determine whether to adjust the software package score based on a reputation of the software package;
based on a determination that the software package score should be adjusted, adjust the software package score based on a reputation multiplier determined based on metadata of the software package; and
indicate the software package score and the first indication of behavior attributable to the software package. 
15.	(Currently Amended) An apparatus comprising:
a processor; and
a computer-readable medium having instructions stored thereon that are executable by the processor to cause the apparatus to,
download at least a first software package to a directory associated with a first application, wherein the first application is associated with known behavior;
associate the first software package with the first application in a controlled execution environment;
based on monitored execution of the first application with the first software package associated therewith, determine one or more behaviors attributable to the first software package rather than the first application, wherein the one or more behaviors  deviate from the known behavior of the first application; 
determine a software package score for the first software package based on a determination of scores assigned to each of the one or more behaviors attributable to the first software package and determination of an aggregate of the scores; 
determine if the software package score should be adjusted based on a reputation of the first software package;
based on a determination that the software package score should be adjusted, adjust the software package score based on a reputation multiplier; and
generate report data that comprises the software package score and indications of the one or more behaviors. 

21.	(New) The method of claim 6, wherein the metadata of the first software package comprise at least one of a release date of the software package and a number of downloads of the first software package.
22.	(New) The apparatus of claim 15, further comprising instructions executable by the processor to cause the apparatus to determine the reputation multiplier based on metadata of the software package, wherein the metadata of the software package comprise at least one of a release date of the first software package and a number of downloads of the first software package.
Allowable Subject Matter
Claims 1-4, 6-17 and 19-22 are allowed.
The following is an examiner’s statement of reasons for allowance:
The primary reason for allowance of the claims are the limitations of determining a software package score for the first software package based on determining scores assigned to each of the one or more behaviors attributable to the first software package and determining an aggregate of the scores; determining if the software package score should be adjusted based on a reputation of the first software package; based on determining that the software package score should be adjusted, adjusting the software package score based on a reputation multiplier; and generating report data that comprises the software package score and indications of the one or more behaviors.
The prior art disclosed by Adams teaches processors for determining first behavior information associated with an object based on the object being executed in a test environment. The processors receive second behavior information associated with the object based on the object being one of opened, executed, run, or installed on a user device, where the second 
The prior art fails to teach the unique limitations shown above and recited in the claims of the instant invention.
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to IZUNNA OKEKE whose telephone number is (571)270-3854. The examiner can normally be reached Mon - Fri 8 - 4 EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, ELENI SHIFERAW can be reached on (571) 272-3867. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.




/IZUNNA OKEKE/Primary Examiner, Art Unit 2497