DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Continuation
This application is a continuation-in-part application of US 16/431,188 (filed on Jun. 4, 2019 – now US Patent No. 10,990,675) and a continuation-in-part application of US 16/840,665 (filed Apr. 6, 2020 – now US Patent No. 11,347,881. The prosecution history and references cited in the above applications have been fully considered.
	
Information Disclosure Statement
The information disclosure statement (IDS) submitted on 12/19/2020 is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Claim Objections
Claims 41 and 51 are objected to because of the following informalities:
Regarding claims 41 and 51: The term “fileobjects” should be corrected to “file objects”. 
Appropriate correction is required.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 11-20 and 41-55 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.
Regarding claims 11, 41, 51: The phrase “RW” in “RW-alert state” needs to be fully defined prior to using its abbreviated form.
Regarding claims 12, 46, 51: The phrase "or otherwise" renders the claims indefinite because the claims include elements not actually disclosed, thereby rendering the scope of the claims unascertainable.  See MPEP § 2173.05(d).
Regarding claims 12, 46, 51: A broad range or limitation together with a narrow range or limitation that falls within the broad range or limitation (in the same claim) may be considered indefinite if the resulting claim does not clearly set forth the metes and bounds of the patent protection desired. See MPEP § 2173.05(c). In the present instance, the claims recite the broad recitation “any machine capable of executing a set of instructions…”, and the claim also recites specific devices, such as a “PC”, “desktop computer”, etc. which are the narrower statement of the range/limitation. The claims are considered indefinite because there is a question or doubt as to whether the feature introduced by such narrower language is (a) merely exemplary of the remainder of the claim, and therefore not required, or (b) a required feature of the claims.
Regarding claim 14 and 43: The limitations “Windows”, “macOS”, “Linux”, and “Unix” are trademarked. If the trademark or trade name is used in a claim as a limitation to identify or describe a particular material or product, the claim does not comply with the requirements of the 35 U.S.C. 112(b) or pre-AIA  35 U.S.C. 112, second paragraph. Ex parte Simpson, 218 USPQ 1020 (Bd. App. 1982). The claim scope is uncertain since the trademark or trade name cannot be used properly to identify any particular material or product. In fact, the value of a trademark would be lost to the extent that it became descriptive of a product, rather than used as an identification of a source or origin of a product. Thus, the use of a trademark or trade name in a claim to identify or describe a material or product would not only render a claim indefinite, but would also constitute an improper use of the trademark or trade name
Regarding claim 19: The limitation “the RD-module state” lacks proper antecedent basis.
Regarding claim 42: Dependent claim 42 further defines the method of claim 41 to include “step e)”. However, claim 41 already recites a “step e)”. It is unclear if claim 42 was intended to recite a new step for claim 41 or further describe the features of step e) from claim 41. 
Regarding claim 43: The limitation “the OS LanManWorkstation service” lacks proper antecedent basis.
Regarding claim 45: The limitation “in the OS registry” lacks proper antecedent basis.
Regarding claim 54: Claim 54 further defines “step e3) and is dependent on claim 51. However, claim 51 does not recite a “step e3)”.

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.

Claims 11-20 and 41-55 are rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter.  The claims do not fall within at least one of the four categories of patent eligible subject matter because they are directed to software per se under broadest reasonable interpretation. Software is not patent eligible subject matter.
Independent claims 11 and 51 recite a “RMM (Remote Monitoring and Management) system” comprising of “module[s]” and “a cloud-based RMM platform”. None of these components are defined as strictly hardware in either the specifications or claims. Thus, the RMM system can be viewed as a software system under broadest reasonable interpretation.
Independent claim 41 recites a “Ransomware Detection (RD) and Isolation module” that comprises a “dynamic link library file and API”. The module is directed to a software module for similar reasons stated for claims 11 and 51.
The remaining claims are dependent on claims 11, 41, and 51, and are similarly rejected for the same reasons. For example, dependent claim 55 further defines the RD module as software (e.g. it is implemented as a dll call function).

Examiner Comments on Prior Art
	The claims are not currently rejected under any prior art rejections. The following were considered the most relevant prior arts to the scope of the claimed invention.
US 9,317,686: Operating system events are monitored and a file change request of a process is detected. If the process is suspicious, then the file to be changed is backed up and then the process can change the file as requested. If this process is later determined to be ransomware, the process is blocked and further file backups are halted. See Abstract.
US 2017/0364681: When a process of copying a file is detected, such as through monitoring for file copy operations, the copy of the file is determined to be encrypted or modified. Upon determining that the copy is encrypted or modified, processes currently running on the computer are suspended. See ¶34, 38, & Fig. 1.
US 2018/0018458: A monitoring process uses behavioral heuristics to detect behavior symptomatic of ransomware. This includes monitoring modify/delete/rename operations, and monitoring changes in entropy of documents. See ¶25.
US 2018/0115577 (cited in the IDS filed 12/19/2020): The file system of a user equipment (UE) is monitored for ransomware by detecting any file system events. The file system events are caused by one or more I/O calls that modifies a file. Upon detecting this file change, a behavioral analysis of the file is performed to detect any possible anomalous behavior. See ¶37.
US 2019/0012458: Primitive file operations are intercepted and compared to file filter rules to determine the validity of the operation. If a violation is detected, the severity level of the violation is determined and placed in a queue if the violation was of low severity. Upon reaching a threshold number of similar violation events, the events are escalated to a user or an administrator for review. See ¶65-66 & Fig. 4.
US 2019/0108340 (cited in the IDS filed 12/19/2020): Ransomware attacks are detected by analyzing the I/O activity in a given file system. The number of times the files in the file system were modified, created, deleted, and renamed are recorded. The recorded number is compared against a threshold and an alert is provided to a user if the number exceeds the threshold. See Abstract. 

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ROBERT B LEUNG whose telephone number is (571)270-1453. The examiner can normally be reached Mon - Thurs: 10am-7pm ET.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, JUNG KIM can be reached on 571-272-3804. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/ROBERT B LEUNG/Primary Examiner, Art Unit 2494                                                                                                                                                                                                        5-12-2022