DETAILED ACTION
Continued Examination Under 37 CFR 1.114
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on July 20, 2022 has been entered.

Remarks
Pending claims for reconsideration are claims 1-20. Applicant has
Amended claims 1, 4, 8, 11, 15, and 18. 


Allowable Subject Matter
Claims 1-20 are allowed.
 The following is an examiner’s statement of reasons for allowance: 
Regarding independent claims 1, 8 and 15:
The primary prior art applied in the Final Office action Thioux et al. (U.S. 9,594,912 B1) discloses:
“…dynamic analysis engine is configured to automatically detect a function call by an application, responsive to detecting the function call, analyze contents located at one or more addresses located within a portion of memory allocated for the application, and, based on the analysis, determine whether one or more objects included in received network traffic is associated with a return-oriented programming (ROP) exploit.” (Abstract).

The secondary prior art used in the final office action Oliver (U.S. 8,805,995 B1) discloses 
“…Generally, the trigger event is indicative of some form of suspicious activity or a function which is generally targeted by threats to compromise a processing system. Examples of trigger events include a file being downloaded, a system change (such as a register key being modified), accessing sensitive data, a memory attack (ie. a heap spray), firing of a known exploit and/or a combination
thereof. Other forms of trigger events include the content being used by the client processing system, as will be discussed in more detail later in this document” (Oliver, Col 10:66-67 to Col 11:1-8).

A newly found prior art Tosa (U.S. 2015/0128266 A1) discloses:	
“…protecting a computer system from malware, such as return-oriented programming (ROP) exploits. In some embodiments, a set of references are identified within a call stack used by a thread of a target process, each reference pointing into the memory space of an executable module loaded by the target process. Each such reference is analyzed to determine whether it points to a ROP gadget, and whether the respective reference was pushed on the stack by a legitimate function call...” (Abstract). 
Another newly found prior art Gerzon et al. (U.S. 2014/0380468 A1) discloses:	
“…Responsive to receiving a call instruction, a processor of the computer system may place the return address both onto a stack and into the return address buffer. Responsive to receiving a return instruction, the processor may retrieve and compare the return addresses from the stack and the return address buffer. Should the two addresses match, the processor may continue executing the return instruction; otherwise, the processor may generate an exception, thus preventing a potential attacker from hijacking the execution flow of the current process...” (Para 0017). 
	However the prior arts alone or in combination fails to teach or suggest the claimed limitation of independent claims 1, 8 and 15 [as identified by applicant’s remarks of 06/21/2022, Specially Page 11: Para 1]  “...discovering, by an interceptor, an activation of a trigger during an execution of a thread of a process created upon opening the file, wherein the trigger describes at least an event that performs an alteration of a data structure describing rights and privileges of a process in an operating system and, one or more conditions accompanying the event which relates to an attempt to exploit a vulnerability of the file; 
	analyzing, by the interceptor, a stack of the process created upon opening the file, and discovering a chain of function calls preceding the event in a form of a sequence of call and return addresses…” along with other limitations independent claims 1, 8 and 15.
For this reason, the specific claim limitations recited in the independent claims 1, 8 and 15 taken as whole are allowed.
The dependent claims 2-7, 9-14 and 16-20 which are dependent on the above independent claims 1, 8 and 15 being further limiting to the independent claim, definite and enabled by the specification are also allowed.
	 Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance”.
Contact Information
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ABDULLAH ALMAMUN whose telephone number is         (571) 270-3392.  The examiner can normally be reached on 8 AM - 5 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn Feild can be reached on (571) 272-2092.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/ABDULLAH ALMAMUN/Examiner, Art Unit 2431                                                                                                                                                                                                        
/SHIN-HON (ERIC) CHEN/Primary Examiner, Art Unit 2431