DETAILED ACTION
Notice of Pre-AIA or AIA Status

1. The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Response to Arguments
2. Applicant’s arguments, see Remarks, filed 11/29/2021, with respect to the 35 USC 103 rejections of claims 1-8, 13-16, and 20 as being unpatentable over Zasadzinski and Muddu, of claims 9-10 and 17-18 as being unpatentable in view of Zhan, and of claims 11-12 and 19 as being unpatentable in view of Luger, have been fully considered and are persuasive. The 35 USC 103 rejections of claims 1-20 have been withdrawn.

Allowable Subject Matter
3. Claims 1-20 are allowed as amended.

4. The following is an examiner’s statement of reasons for allowance: The examiner finds novel the feature of identifying common characteristics between the telemetry data and the additional telemetry data; and updating the behavioral rules based on the telemetry data to improve accuracy of identifying further suspicious behavior by narrowing parameters of an existing rule of the behavior rules to fit within a parameter range indicated by the common characteristics. The closest prior art being “Zasadzinski” (US 20200034530 A1), “Muddu” (US20170063902 A1), “Zhan” (US 2019020551 A1), “Luger” (US 20180091559 A1), and newly cited “Anderson” (US  Zasadzinski discloses a browser resource controller that combines code metric values with a complexity analysis of rendered content to determine whether resource metric values are appropriate for a web application. The browser resource controller analyzes rendered content of a web application to generate the complexity metric values that represent the complexity of the web application. Muddu discloses a security platform that employs a variety of techniques and mechanisms to detect security related anomalies and threats in a computer network environment. The security platform is “big data” driven and employs machine learning to perform security analytics. The security platform performs user/entity behavioral analytics (UEBA) to detect the security related anomalies and threats, regardless of whether such anomalies/threats were previously known. Zhan discloses systems, methods, and related technologies for account access monitoring whereby a login request associated with a device can be analyzed and a score determined. The score and a threshold can be used to determine whether to initiate an action.
Luger discloses techniques and mechanisms that enable efficient collection of forensic data from client devices, also referred to as endpoint devices, of a networked computer system, further enabling the correlation of forensic data with other types of non-forensic data from other data sources. Newly cited Anderson discloses a system that receives, from a monitoring agent on the endpoint device, application telemetry data regarding the application. The service determines that the application is evasive malware based on the characteristics of the application inferred from the traffic telemetry data and on the application telemetry data received from the monitoring agent on the endpoint device. The service initiates performance of a mitigation action in the network after determining that the application on the endpoint device is evasive malware.

5. What is missing from the prior art of record is a method, system, and computer-readable storage media for detecting that at least one process has been launched on a computer system; receiving additional telemetry data from another computer system, wherein the additional telemetry data comprises additional characteristics of a cryptominer intrusion; identifying common characteristics between the telemetry data and the additional telemetry data; and updating the behavioral rules based on the telemetry data to improve accuracy of identifying further suspicious behavior by narrowing parameters of an existing rule of the behavior rules to fit within a parameter range indicated by the common characteristics.

Thus the prior art does not teach or suggest, either individually or in combination, the subject matter as claimed in claims 1, 13, and 20. Therefore claims 1, 13, and 20 are deemed allowable over the prior art of record. The corresponding depending claims that further limit claims 1, 13, and 20 also contain allowable subject matter by virtue of their dependency.

Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee. Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”

Contact Information

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/WILLIAM B JONES/Examiner, Art Unit 2491
/ASHOKKUMAR B PATEL/Supervisory Patent Examiner, Art Unit 2491