DETAILED ACTION

Examiner’s Amendment
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.

	Authorization for this Examiner’s Amendment was given in a telephone interview with Gene Su (Reg. No. 45,140) on 3rd August 2022.
This application has been amended as follows:
IN THE CLAIMS
Replace the following claims listed as follows.

1. (Currently Amended) A method for a computer system to perform security threat detection, wherein the method comprises:	
	intercepting, by the computer system, an egress packet from a virtualized computing instance running on the computer system itself to pause forwarding of the egress packet towards a destination;
	obtaining, from an introspection agent running on the virtualized computing instance, wherein the process is associated with a process from which the egress packet originates, and the process runs on the virtualized computing instance; 
	based on the obtained process information, initiating, by the computer system, a security analysis of the process; and
	in response to determination that the running process is a potential security threat based on the security analysis, dropping, by the computer system, the egress packet and performing, by the computer system, a remediation action; but otherwise, allowing, by the computer system, forwarding of the egress packet towards the destination.  

2. (Currently Amended) The method of claim 1, wherein obtaining the process information comprises:
	based on the egress packet, extracting identification information associated with the virtualized computing instance or the process, or both; and
	based on the identification information, obtaining the process information from [[an]] the introspection agent

3. (Original) The method of claim 1, wherein initiating the security analysis comprises:
	performing a preliminary analysis of the egress packet in the form of a domain name service (DNS) query, wherein the result of the DNS query indicates that the egress packet resolves to a domain name associated with a botnet or is an egress packet destined for a member of the botnet.
	
8. (Currently Amended) A non-transitory computer-readable storage medium that includes a set of instructions which, in response to execution by a physical processor of a computer system, cause the physical processor to perform security threat detection, wherein the method comprises:
	intercepting, by the computer system itself, an egress packet from a virtualized computing instance running on the computer system to pause forwarding of the egress packet towards a destination;
	obtaining, from an introspection agent running on the virtualized computing instance, wherein the process is associated with a process from which the egress packet originates, and the process runs on the virtualized computing instance; 
	based on the obtained process information, initiating, by the computer system, a security analysis of the process; and
	in response to determination that the running process is a potential security threat based on the security analysis, dropping, by the computer system, the egress packet and performing, by the computer system, a remediation action; but otherwise, allowing, by the computer system, forwarding of the egress packet towards the destination.  

9. (Currently Amended) The non-transitory computer-readable storage medium of claim 8, wherein obtaining the process information comprises:
	based on the egress packet, extracting identification information associated with the virtualized computing instance or the process, or both; and
	based on the identification information, obtaining the process information from [[an]] the introspection agent

15. (Currently Amended) A computer system, comprising:
	a physical processor; and
	a non-transitory computer-readable medium having stored thereon instructions that, when executed by the physical processor, cause the physical processor to
	intercept an egress packet from a virtualized computing instance running on the computer system itself to pause forwarding of the egress packet towards a destination;
	obtain from an introspection agent running on the virtualized computing instance, wherein the process is associated with a process from which the egress packet originates, and the process runs on the virtualized computing instance; 
	based on the obtained process information, initiate a security analysis of the process; and
	in response to determination that the running process is a potential security threat based on the security analysis, drop the egress packet and perform a remediation action; but otherwise, allow forwarding of the egress packet towards the destination.  

16. (Currently Amended) The computer system of claim 15, wherein the instructions for obtaining the process information cause the physical processor to:
	based on the egress packet, extract identification information associated with the virtualized computing instance or the process, or both; and
	based on the identification information, obtain the process information from [[an]] the introspection agent



Allowable Subject Matter

Claims 1 – 21 are allowed.
The following is an examiner’s statement of reasons for allowance:
The above-mentioned claims are allowable over the prior art because the CPA (Cited Prior Art) of record fails to teach or render obvious the claimed limitations in combination with the specific added limitations recited in each of the independent claims 1, 8 & 15 (& associated dependent claims).

This communication warrants no Examiner's Reason for Allowance; applicant's reply makes evident the reasons for allowance, satisfying the “record as a whole” proviso of the rule 37 CFR 1.104(e).  Specifically, applicant’s claim amendments and arguments filed on 7/21/2022 and the Examiner’s Amendment are persuasive; as such, the reasons for allowance are in all probability evident from the record and no statement is deemed necessary (see MPEP 1302.14).
Any comments Applicant considers necessary must be submitted no later than the payment of the Issue Fee and, to avoid processing delays, should preferably accompany the Issue Fee.  Such submission should be clearly labeled “Comments on Statement of Reasons for Allowance”.  In the event of any post-allowance papers (e.g. IDS, 312 amendment, petition, etc.), Applicant is exhorted to mail the papers to the Production Control branch in Publications, or fax them to the post-allowance papers correspondence branch at (703) 308-5864, to expedite the issuing process, or to call PUB's Customer Service with any questions at (703) 305-8497.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to LONGBIT CHAI whose telephone number is (571)272-3788.  The examiner can normally be reached on Monday - Friday 9:00am-5:00pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn D. Feild can be reached on 571-272-2092.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/LONGBIT CHAI/
Primary Examiner, Art Unit 2431
(No. #2319 - 2022)