DETAILED ACTION
Office Action Summary
Claims 1-20 are pending in the instant application.
Claims 1-20 are rejected under 35 USC § 102/103.

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale or otherwise available to the public before the effective filing date of the claimed invention.


Claims 1-4, 7-12 and 15-20 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Polyakov et al. (US Pre-Grant Publication No: 2010/0077481 A1) hereinafter referred to as Polyakov.

As per claims 1, 10 and 19, Polyakov teaches designating a plurality of program data installed on a computing system as protected program data; intercepting, by a kernel mode driver, a request from an untrusted application executing on the computing system to alter at least one of the protected program data; (Polyakov, page 6, left column, claim 9, teaches “threat detection component comprises a kernel-mode driver that collects information about the potential malicious applications' execution”)
classifying, by a self-defense service, the untrusted application as a malicious application based on information in the intercepted request and characteristics of the untrusted application; and (Polyakov, page 6, left column, claim 8, teaches “threat analysis component and create a signature for detecting instances of the threat;”)
responsive to classifying the untrusted application as a malicious application, denying, by the kernel mode driver, access to the at least one of the protected program data. (Polyakov, figure 3, item 350 and [0035], teaches mitigating threat by blocking)

As per claims 2, 11 and 20, Polyakov teaches responsive to classifying the untrusted application is not a malicious application, allowing, by the kernel mode driver, execution of the request to the at least one of the protected program data. (Polyakov, figure 3, if threat not detected client process executed)

As per claims 3 and 12, Polyakov teaches wherein the request to alter the at least one protected program data comprises a request to modify or delete the at least one of the protected program data. (Polyakov, [0036], teaches “delete or registry key to modify to neutralize the threat from an identified malware application”)

As per claims 4 and 13, Polyakov teaches wherein the plurality of protected program data comprises at least one of program code and registry records for an anti-malware application. (Polyakov, [0036], teaches “delete or registry key to modify to neutralize the threat from an identified malware application”)

As per claims 7 and 16, Polyakov teaches wherein classifying by the self-defense service the untrusted application as a malicious application further comprises: applying one or more custom rules configured to describe behavior of the untrusted application. (Polyakov, [0042]machine)

As per claims 8 and 17, Polyakov teaches wherein classifying by the self-defense service the untrusted application as a malicious application further comprises: applying one or more machine learning models configured to characterize a set of features of the untrusted application corresponding to a malicious application. (Polyakov, [0034]-[0036], teaches updating remediation and signatures which is machine learning)

As per claims 9 and 18, Polyakov teaches wherein classifying by the self-defense service the untrusted application as a malicious application is performed based on one or more special registry keys. (Polyakov, [0002])

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains.  Patentability shall not be negatived by the manner in which the invention was made.

Claims 5-6 and 14-15 are rejected under 35 U.S.C. 103 as being unpatentable over Polyakov in view of Ito et al. (US Pre-Grant Publication No: 2010/0174919) hereinafter referred to as Ito.

As per claims 5 and 14, Polyakov teaches 
But Polyakov does not teach wherein the plurality of protected program data comprises a boot loader located in a master boot record of the computing system.
However, Ito teaches that the boot unit has protected data with tables.
It would have been obvious to one having ordinary skill in the art, before the effective filing of the claimed invention, to modify the invention of Polyakov with the method of Ito, as it is substituting protecting one data for another.

As per claims 6 and 15, Polyakov does not teach wherein the plurality of protected program data comprises at least one of boot records, partition tables, and one or more system restore points.
However, Ito teaches that the boot unit has protected data with tables.
It would have been obvious to one having ordinary skill in the art, before the effective filing of the claimed invention, to modify the invention of Polyakov with the method of Ito, as it is substituting protecting one data for another.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SIMON P KANAAN whose telephone number is (571)270-3906.  The examiner can normally be reached on M-F (7AM-4PM).
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.  
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Saleh Najjar can be reached on (571) 272-4006.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/SIMON P KANAAN/Primary Examiner, Art Unit 2492