Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
DETAILED ACTION
1.	This action is responsive to:  an original application filed on 30 September 2020 with acknowledgement of a continuation of application 14/581,439 now patent 10,834,109 filed on 23 December 2014.
2.	Claims 26-45 are currently pending.  Claims 26, 33, and 40, are independent claims. 
3.	The IDS submitted on 30 October 2020 and 26 January 2021 have been considered. 
Allowable Subject Matter
4.	Claims 32 and 39 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.
Claim Rejections – 35 USC § 103
5.	The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


6.	Claims 26-27, 30, 33-34, 37, 40-41, and 44, are rejected under 35 U.S.C. 103 as being unpatentable over Nachenberg et al. U.S. Patent No. 8,904,520 (hereinafter ‘520) in view of Mircescu U.S. Patent Application Publication No. U.S. 20150096018 (hereinafter ‘018).

“determining a second reputation for the executable code” is shown in ‘520 col. 3, lines 1-31, note the security module identifies entities such as files or software application (i.e. executable code) also note a reputation score engine generates reputation scores for the hosts and the entities, therefore the executable code has a second reputation;
“updating the first reputation of the process, based on the second reputation for the executable code and the first reputation of the process” is shown in ‘520 col. 3, lines 32-38 and col. 3, line 62 through col. 4, line 20, note the reputation of an entity (i.e. executable) can be determined based on the reputation of the host the entity communicates with;the following is not explicitly taught in ‘520:
“and, if an event affects the first reputation of the process, modifying the first reputation of the process to a merge of the first reputation of the process and a third reputation of the event” however ‘018 teaches a reputation manager determines (merges) a reputation of a target process executing on the computer system according to a reputation of a set of executable modules, such as shared libraries or executable modules loaded by the target process as well as changing the reputation indicator of the target process by combining values, or ‘determining a process reputation of a target process according to the first and second module reputation indicators’, in the Abstract, paragraphs 6-10, 33, 55, 59-60, 83, 88, and 96.

	As to dependent claim 41, “The method of claim 40, further comprising: determining that the process performs a load library event; and combining a reputation of the loaded library with the first reputation of the process, if the library is identified to have a malicious reputation after the load library event has occurred” is taught in ‘018 Abstract, paragraphs 6-8, 48, 50, 54-55, and 59-60.
	As to dependent claim 44, “The method of claim 40, further comprising: if the reputation of the electronic device has changed, combining the reputation of the electronic device with the first reputation of the process” is shown in ‘520 col. 8, lines 9-55.
	As to independent claim 26, this claim is directed to at least one non-transitory, computer-readable medium including the method of claim 40; therefore, it is rejected along similar rationale.
	As to dependent claims 27 and 30, these claims contain substantially similar subject matter as claims 41 and 44; therefore, they are rejected along similar rationale.
	As to independent claim 33, this claim is directed to an apparatus executing the method of claim 40; therefore, it is rejected along similar rationale.
	As to dependent claims 34 and 37, these claims contain substantially similar subject matter as claims 41 and 44; therefore, they are rejected along similar rationale.
s 28-29, 35-36, 42-43, are rejected under 35 U.S.C. 103 as being unpatentable over Nachenberg et al. U.S. Patent No. 8,904,520 (hereinafter ‘520) in view of Mircescu U.S. Patent Application Publication No. U.S. 20150096018 (hereinafter ‘018) in further view of Oliver et al. U.S. Patent Application Publication No. U.S. 2012/0192275 (hereinafter ‘275).
As to dependent claim 42, the following is not explicitly taught in ‘520 and ’018: “The method of claim 40, further comprising: if the process interprets a content file, combining a reputation of the content file with the first reputation of the process, wherein the content file is a script or document” however ‘275 teaches when a file is downloaded this file is sent to the reputation service and the reputation indicator is provided and the appropriate Web Interface is selected based on the reputation of the file, therefore the Web Browser process or program has a new reputation in paragraphs 19, 24, and 34.
It would have been obvious to one of ordinary skill in the art before the effective filing data of the claimed invention of a communication-based reputation system taught in ‘520, ‘528, and ‘018 to include a means to update a reputation based on the content files a program is interpreting.  One of ordinary skill in the art would have been motivated to perform such a modification because any file downloaded can be malicious therefore it would be beneficial to check the file at the time it is downloaded see ‘275 paragraphs 1-2.
	As to dependent claim 43, “The method of claim 40, further comprising: if a thread is attached to the process, combining a reputation of the thread with the first reputation of the process” is taught in ‘275 paragraph 14.
	As to dependent claims 28-29, these claims contain substantially similar subject matter as claims 42-43; therefore, they are rejected along similar rationale.
.
8.	Claims 31, 38 and 45, are rejected under 35 U.S.C. 103 as being unpatentable over Nachenberg et al. U.S. Patent No. 8,904,520 (hereinafter ‘520) in view of Mircescu U.S. Patent Application Publication No. U.S. 20150096018 (hereinafter ‘018) in further view of Niemela et al. U.S. Patent Application Publication No. U.S. 2011/0225655 (hereinafter ‘655).
	As to dependent claim 45, the following is not explicitly taught in ‘018 and ‘520: “The method of claim 40, wherein the first reputation of the process is determined based on an allow list or a block list” however ‘655 teaches determining a reputation using stored information such as whitelist (i.e. allowed list) or blacklist (i.e. block list) in paragraphs 60-61, 67, and 70-76.
	It would have been obvious to one of ordinary skill in the art before the effective filing data of the claimed invention of a communication-based reputation system taught in ‘520, ‘528, and ‘018 to include a means to determine the reputation using whitelist (i.e. allowed list) or blacklist (i.e. block list).  One of ordinary skill in the art would have been motivated to perform such a modification because more methods are needed to detect a malware program see '655 paragraphs 2-5. 
	As to dependent claims 31 and 38, these claims contain substantially similar subject matter as claim 45; therefore they are rejected along similar rationale.
Conclusion
9.	Any inquiry concerning this communication or earlier communications from the examiner should be directed to ELLEN C TRAN whose telephone number is (571) 272-3842.  The examiner can normally be reached from M-F 9 AM to 6PM.

		If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeff Pwu can be reached at 571-272-6798.  The fax phone number for the organization where this application or proceeding is assigned is (571) 273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

____________________________
/ELLEN TRAN/Primary Examiner, Art Unit 2433                                                                                                                                                                                                        22 March 2022