DETAILED ACTION

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on May 23, 2022 has been entered.

Response to Arguments
Applicant's arguments filed May 23, 2022 have been fully considered, and they are persuasive.
Claims 1, 3, and 7 have been amended to include subject matter that was previously identified as allowable. The cited prior arts did not teach the features that were previously identified as allowable. Therefore, the 103 rejection to those claims have been withdrawn.
 
Allowable Subject Matter
Claims 1, 3, 4, 7-11, 13-14, and 16-20 are allowed. No reason for allowance is needed as the record is clear with an additional search conducted and the Applicant's response filed on May 23, 2022. 
According to MPEP 1302.14 (I): “In most cases, the examiner’s actions and the applicant’s replies make evident the reasons for allowance, satisfying the “record as a whole” proviso of the rule. This is particularly true when applicant fully complies with 37 CFR 1.111 (b) and (c) and 37 CFR 1.133(b). Thus, where the examiner’s actions clearly point out the reasons for rejection and the applicant’s reply explicitly presents reasons why claims are patentable over the reference, the reasons for allowance are in all probability evident from the record and no statement should be necessary."
	

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
US 2014/0344926: An endpoint agent is locally installed at an endpoint to monitor the state and analyze the state of said endpoint. The agent communicates information to a security system or platform to take actions on detected threats. See ¶10-12.
US 2018/0196942: Event data from nodes, or endpoints, that form a network are analyzed using machine learning to detect threats. The events of the nodes are monitored locally and/or centrally by a monitoring node (monitored events are transmitted to the monitoring node). See ¶20-22.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to ROBERT B LEUNG whose telephone number is (571)270-1453. The examiner can normally be reached Mon - Thurs: 10am-7pm ET.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, JUNG KIM can be reached on 571-272-3804. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




/ROBERT B LEUNG/Primary Examiner, Art Unit 2494                                                                                                                                                                                                        6-02-2022