DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This Office action is in response to AFCP 2.0, the amendment and the communication filed on 5/20/2022.
As per instant Examiner Amendment, claims 1, 13 and 17 have been amended. Claims 3, 15 and 19 have been cancelled without prejudice. Claims 1-2, 4-14, 16-18 and 20 have been examined and are pending in this application. 
Claims 1, 13 and 17 are independent.
Claims 1-2, 4-14, 16-18 and 20 are allowed

Response to Arguments/Remarks
Claim 1-2, 4-14, 16-18 and 20 are allowed

Examiner’s Statement of reason for Allowance
Claims 1-2, 4-14, 16-18 and 20 are allowed.
The following is an examiner’s statement of reasons for allowance: 
The present invention is automated detection of user device security risks related to process threads and  performing automated action based on the identification of the threads as a security risk; an example computer-implemented method includes obtaining information pertaining to threads created in connection with the user device; automatically identifying at least one of the one or more threads as a security risk by analyzing a memory start address attributed to a thread and determining the memory start address attributed to the thread is not within a memory address range of the one or more images loaded into the at least one memory; 10and performing automated action.
The closest prior art, as previously recited, are Strogov (US 20190286821), Pan (US 20090320021), Gupta (US 20190138648) in which, Strogov (US 20190286821) discloses detecting malicious applications; detect a first process has been launched on a computing device, and monitor at least one thread associated with the first process using one or more control points of the first process. An execution stack associated with the one or more control points of the first process is received from the first process. In response to detecting activity on the one or more control points of the first process, an indication that the execution of the first process is malicious is generated by applying a machine learning classifier to the received execution stack associated with the one or more control points of the first process. Pan (US 20090320021) discloses provides techniques for tracking system events to diagnose root causes of application performance anomalies; system events involved in inter-thread interactions are collected at application runtime. These traces are then used to construct inter-thread dependency patterns termed "control patterns." Control patterns are then evaluated to determine root causes of performance anomalies. Where an application terminates abnormally or full traces cannot be collected for some reason, partial control patterns are constructed for that application. Gupta (US 20190138648) discloses use an intelligent analytics interface to process natural-language and other inputs to configure an analytics task for the system. The disclosed methods, non-transitory computer readable media, and systems provide the intelligent analytics interface to facilitate an exchange between the systems and a user to determine values for the analytics task. The methods, non-transitory computer readable media, and systems then use these values to execute an analytics task.
		However, none of Strogov (US 20190286821), Pan (US 20090320021), Gupta (US 20190138648), teaches or suggests, alone or in combination, the particular combination of steps or elements as recited in the independent Claim1 and similarly Claim 13 and Claim 17. For example, none of the cited prior teaches or suggest the steps of Claim 1 and similarly Claim 13 and Claim 17: obtaining information pertaining to one or more processes running on a user device; obtaining information pertaining to one or more images loaded into at least one memory associated with at least one of the one or more processes running on the user device; obtaining information pertaining to one or more threads created in connection with at least one of the one or more processes running on the user device; automatically identifying at least one of the one or more threads as a security risk by analyzing a memory start address attributed to a thread and determining the memory start address attributed to the thread is not within a memory address range of at least one of the one or more images loaded into the at least one memory; and performing at least one automated action based at least in part on the identification of at least one of the one or more threads as a security risk.

Therefore the claims are allowable over the cited prior art.

Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”


Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to CHAO WANG whose telephone number is (313)446-6644.  The examiner can normally be reached on Monday-Friday 7:30-4:30PM EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham can be reached on (571)270-5002. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  
For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


	/C.W./Examiner, Art Unit 2439   

	/JAHANGIR KABIR/Primary Examiner, Art Unit 2439