DETAILED ACTION
Office Action Summary
Instant application claims 10/22/2020.
Claims 1-20 are pending in the instant application.
Claims 1-20 are rejected under 35 USC § 102.

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale or otherwise available to the public before the effective filing date of the claimed invention.

Claims 1-20 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Tseng et al. (US Pre-Grant Publication No: 2018/0293381) hereinafter referred to as Tseng.

As per claims 1, 9 and 17, Tseng teaches determining a plurality of features associated with executable files, wherein the plurality of features are each based on static properties in predefined structure of the executable files; (Tseng, [0024], teaches “extracted features include one or more n-gram features, an entropy feature, and a domain feature” and [0004], teaches having an executable file)
obtaining training data that includes samples of benign executable files and malicious executable files; (Tseng, [0005] and figure 5, and [0058])
extracting the plurality of features from the training data; and (Tseng, [0061])
utilizing the extracted plurality of features to train a machine learning model to detect malicious executable files. (Tseng, figure 8, and [0070] and [0071])

As per claims 2, 10 and 18, Tseng teaches wherein the steps further include providing the machine learning model for use in production to detect executable files. (Tseng, [0004]-[0005])

As per claims 3, 11 and 19, Tseng teaches wherein the steps further include obtaining data related to use of the machine learning model in production; and updating the training of the machine learning model based on the data. (Tseng, figure 7 and [0025])

As per claims 4 and 12, Tseng teaches wherein the machine learning model is used in production in a cloud-based system, and wherein the updated trained machine learning model is distributed to a plurality of enforcement nodes via a central authority. (Tseng, [0031] and [0035])

As per claims 5 and 13, Tseng teaches wherein the steps further include obtaining data related to a sandbox of executable files; and updating the plurality of features based on the data. (Tseng, [0004])

As per claims 6 and 14, Tseng teaches wherein the sandbox is associated with a cloud-based system. (Tseng, [0004])

As per claims 7 and 15, Tseng teaches wherein the executable file is a Portable Executable (PE) file. (Tseng, [0004], teaches having a Portable Executable file)

As per claims 8, 16 and 20, Tseng teaches wherein the static properties include any of file header information, file section details, file name anomalies, a digital certificate, and import/export detail. (Tseng, [0007] and [0024])

Other Art of Record
Zhang (US 11444957 B2) teaches “In recent years, anti-virus software using AI-based techniques has been developed for use in connection with detection of computer viruses; however, since such anti-virus software still uses conventional signature-based analysis (e.g., disassembly of the malicious code and extraction of a collection of static features to train a machine-learning model), conventional evasion approaches remain effective and can be used by virus writers to avoid detection. Therefore, there is a need in the art to develop improved techniques for malware detection.”
Salem et al. (US 11210392 B2) teaches “Disclosed herein are systems and methods for enabling the automatic detection of executable code from a stream of bytes. In some embodiments, the stream of bytes can be sourced from the hidden areas of files that traditional malware detection solutions ignore. In some embodiments, a machine learning model is trained to detect whether a particular stream of bytes is executable code. Other embodiments described herein disclose systems and methods for automatic feature extraction using a neural network. Given a new file, the systems and methods may preprocess the code to be inputted into a trained neural network. The neural network may be used as a “feature generator” for a malware detection model. Other embodiments herein are directed to systems and methods for identifying, flagging, and/or detecting threat actors which attempt to obtain access to library functions independently.”
Cai (US 20220067146 A1) teaches “Systems and methods for adaptive filtering of malware using a machine-learning model and sandboxing are provided. According to one embodiment, a processing resource of a sandbox appliance receives a file. A feature vector associated with the file is generated by extracting multiple static features from the file. The file is classified based on the feature vector by applying a machine-learning model. When the classification of the file is unknown, representing insufficient information is available to identify the file as malicious or benign, sandbox processing is caused to be performed on the file.”

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SIMON P KANAAN whose telephone number is (571)270-3906.  The examiner can normally be reached on M-F (7AM-4PM).
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.  
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Saleh Najjar, can be reached on (571) 272-4006.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/SIMON P KANAAN/ Primary Examiner, Art Unit 2492