Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Allowable Subject Matter
Claims 1-2, 4-15 and 17-22 are allowed.
The following is an examiner’s statement of reasons for allowance: The closest prior art, Kedma (US 2017/0046512), is directed to a self-replication detection module which detects self-replication of executable binary files by matching records in the active processes list and module file list to detect malware of an actively running process. It also detects a pattern by determining at least one match between respective at least one unique identifier, the malicious behavioral pattern findings, and at least one of the plurality of executable binary files. Another relevant art, Blewett et al. (US 2019/0268361), teaches a pattern set that includes a criterion that the launched process is a shell. It also teaches process identifiers (PIDs) of a process or its parent in order to detect malicious code that breaks out of a web browser sandbox. Although the prior art teaches portions of the prior art, it fails to disclose per independent claims 1 and 13-14,
“generating a data set about the process based on the collected process information, the generated data set including a process identifier (PID) about the process and additional process information about the process based on the APIID; determining whether the generated data set includes a pattern; and determining whether the process is executed by a webshell based on a result of the determining whether the generated data set includes the pattern, wherein the pattern is preset based on a combination of at least two pieces of information includable in the additional process information.”
	In addition, a thorough review of the prior art fails to teach the additional features which relate to claim 11 which claims,
	“determining whether the generated set includes a pattern, and determining that the process is executed by the webshell in response to the generated data being determined to include the pattern; adding the generated set to a waiting queue; and sequentially determining whether the generated data set includes the pattern with respect to the generated data set added to the waiting queue.”


Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Chirag R Patel whose telephone number is (571)272-7966. The examiner can normally be reached on Monday to Friday from 8:00AM to 4:30PM. If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Glenton Burgess, can be reached on 571-272-3949. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pairdirect.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll free).

/Chirag R Patel/
Primary Examiner, Art Unit 2454