DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This action is in response to the communication filed on May 19, 2022 in response to the first office action on merit.

Remarks
Pending claims for reconsideration are claims 1-20. Applicant has
Amended claims 1, 8, and 14. 

Information Disclosure Statement
The information disclosure statement (IDS) submitted on May 19, 2022 was filed after the mailing date of the application 16/366065 on March 27, 2019.  The submission is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.


Allowable Subject Matter
Claims 1-20 are allowed.
 The following is an examiner’s statement of reasons for allowance: 
Regarding independent claims 1, 8, and 14:
The primary prior art applied in the Non-Final Office action Bhatkar et al. (U.S. Patent No.: US 8,555,385 B1) discloses generation of signatures i.e., “a rule set identifying one or more high level behaviors” for one or more observable events i.e., “events” (Col 9: 45-49; and Col 12: 1-5), where the “observable events may comprise one or more of: system calls, execution history, API calls, a system log, a debug log, an HTTP access log, and a network activity log” (Col 1: 48-51). Bhatkar also discloses user interface for reporting malware behavioral analysis (Col 12: 28-30).

The secondary prior art used in the Non-Final Office Action Pilipenko et al. (U.S. Patent No.: US 10,169,585 B1) discloses a transition event is detected i.e., an “event packet” by a virtual machine then evaluating the event in a VMMI emulated environment (Col 10: 61-67). 

A newly found prior art Hajmasan et al. (US 9460284 B1) discloses:
The detection routines are formulated in bytecode and executed within a bytecode translation virtual machine. Execution of a detection routine comprises translating bytecode instructions of the respective routine into native processor instructions, for instance via interpretation or just-in-time compilation. Execution of the respective routines is triggered selectively, due to the occurrence of specific events within the protected client system. Detection routines may output a set of scores, which may be further used by the security application to determine whether a monitored entity is malicious (Abstract). 

	However the prior arts alone or in combination fails to teach or suggest the claimed limitation of independent claims 1, 8, and 14 [as identified by applicant’s remarks of 05/19/2022] “...when an event indication is received, identifying a target rule associated with the received event indication;
	generating an event packet based on the received event indication, the event packet comprising a unique identifier selected from a table of events and a parameter relating to the event…” along with other limitations independent claims 1, 8, and 14.
For this reason, the specific claim limitations recited in the independent claims 1, 8, and 14 taken as whole are allowed.
The dependent claims 2-7, 9-13, and 15-20 which are dependent on the above independent claims 1, 8, and 14 being further limiting to the independent claim, definite and enabled by the specification are also allowed.
	 Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance”.
Contact Information
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ABDULLAH ALMAMUN whose telephone number is         (571) 270-3392.  The examiner can normally be reached on 8 AM - 5 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn Feild can be reached on (571) 272-2092.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/ABDULLAH ALMAMUN/Examiner, Art Unit 2431                                                                                                                                                                                                        
/LYNN D FEILD/Supervisory Patent Examiner, Art Unit 2431