Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
The Application number 17/499,319 filed on 10/12/2021 has been considered by the Examiner.  Claims 1-20 are pending.
Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA  as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). 
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Claims 1-8 and 15 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-8 and 20 of U.S. Patent No. 11,159,553. Although the claims at issue are not identical, they are not patentably distinct from each other because the limitations recited in the claims 1-8 and 15 of the instant application are anticipated by the limitations recited in the claims 1-8 and 20 of U.S. Patent No. 11,159,553.
Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


Claims 1-2, 4-9, 11-16 and 18-20 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Peterson (US 2015/0143502).
Regarding claim 1, Peterson discloses a method for adjusting exploit prevention configuration settings comprising: 
receiving, by a machine learning system for exploit prevention from exploit prevention software executing on a computing device, process information for one or more protected processes executing on the computing device (FIG. 1-3. ¶ [0011]-[0012], [0019]-[0021]; i.e. the firewall configuration system receives the results from the firewall wherein the results are processing/behavior information of the applications behind or protected by the firewall); 
generating, by the machine learning system, exploit prevention configuration settings based on the process information for the one or more protected processes (FIG. 1-3, ¶ [0020]-[0022]; i.e. the firewall configuration system uses the results or the application data to determine or generate the firewall configuration parameters or ranges); 
providing, by the machine learning system to the exploit prevention software executing on the computing device, the exploit prevention configuration settings (FIG. 1-3, ¶ [0020]-[0022]; i.e. the firewall configuration system provides the firewall configuration parameters or ranges to the firewall); 
receiving, by the machine learning system from the exploit prevention software, process stability data for one or more protected processes, the process stability data indicating stability of the one or more protected processes before and after application of exploit prevention configuration settings by the exploit prevention software (FIG. 3, ¶ [0022]-[0024]; i.e. the firewall configuration system continues to test the application(s) after the firewall enforces the firewall configuration and receives the results or application data which indicates whether the application(s) is/are still vulnerable or performs malicious command which means the application(s) is/are not stabilized after the new firewall configuration); 
determining, by the machine learning system based on the received process stability data, whether the one or more protected processes have become more or less stable after application of exploit prevention configuration settings by the exploit prevention software (FIG. 3, ¶ [0021]-[0025]; i.e. the firewall configuration system determines that the application(s) is/are still vulnerable or performs malicious command which means the application(s) is/are not stabilized after the new firewall configuration); and 
adjusting the exploit prevention configuration settings based on whether the one or more protected processes have become more or less stable (FIG. 3, ¶ [0021]-[0025]; i.e. the firewall configuration system determines that the application(s) is/are vulnerable or not stable and generates new configuration by adjusting one of several parameters and/or one or more security policies associated with the application firewall).
Regarding claim 2, Peterson discloses the method of claim 1, wherein the process information comprises metadata for the one or more protected processes, wherein the metadata corresponds to at least one of a process identifier, methods or functions used by the one or more protected processes, and objects used during execution of the one or more protected processes (¶ [0011]-[0012], [0024]).
Regarding claim 4, Peterson discloses the method of claim 1, wherein the exploit prevention configuration settings comprise at least one configuration setting for each protected process identified in the process information (¶ [0022], [0029]).
Regarding claim 5, Peterson discloses the method of claim 1, wherein applying the exploit prevention configuration settings comprises at least one of: a setting to cause restarting the computing device, a setting to cause restarting one or more protected processes by the computing device, a setting to cause modifying previously configured configuration settings by the computing device, and a setting to cause recompiling a file by the computing device (¶ [0025]).
Regarding claim 6, Peterson discloses the method of claim 1, wherein the process stability data comprises at least one of: system health statistics for the computing device, performance statistics for the one or more protected processes, process status for the one or more protected processes, evaluations of event files, and evaluations of checkpoints in executing code (¶ [0025]-[0026]).
Regarding claim 7, Peterson discloses the method of claim 1, further comprising: evaluating the process stability data (¶ [0025]); and when the process stability data indicates a decrease in the process stability of one or more protected processes, reducing, by the computing device, exploit protection provided by the exploit prevention configuration settings (¶ [0026]-[0027]).
Regarding claim 8, Peterson discloses a system comprising: 
at least one processor (¶ [0033]); and 
memory coupled to the at least one processor, the memory comprising computer executable instructions that, when executed by the at least one processor, performs a method comprising (¶ [0031]-[0032]): 
receiving, by a machine learning system for exploit prevention from exploit prevention software executing on a computing device, process information for one or more protected processes executing on the computing device (FIG. 1-3. ¶ [0011]-[0012], [0019]-[0021]; i.e. the firewall configuration system receives the results from the firewall wherein the results are processing/behavior information of the applications behind or protected by the firewall); 
generating, by the machine learning system, exploit prevention configuration settings based on the process information for the one or more protected processes (FIG. 1-3, ¶ [0020]-[0022]; i.e. the firewall configuration system uses the results or the application data to determine or generate the firewall configuration parameters or ranges); 

providing, by the machine learning system to the exploit prevention software executing on the computing device, the exploit prevention configuration settings (FIG. 1-3, ¶ [0020]-[0022]; i.e. the firewall configuration system provides the firewall configuration parameters or ranges to the firewall); 
receiving, by the machine learning system from the exploit prevention software, process stability data for one or more protected processes, the process stability data indicating stability of the one or more protected processes before and after application of exploit prevention configuration settings by the exploit prevention software (FIG. 3, ¶ [0022]-[0024]; i.e. the firewall configuration system continues to test the application(s) after the firewall enforces the firewall configuration and receives the results or application data which indicates whether the application(s) is/are still vulnerable or performs malicious command which means the application(s) is/are not stabilized after the new firewall configuration); 
determining, by the machine learning system based on the received process stability data, whether the one or more protected processes have become more or less stable after application of exploit prevention configuration settings by the exploit prevention software (FIG. 3, ¶ [0021]-[0025]; i.e. the firewall configuration system determines that the application(s) is/are still vulnerable or performs malicious command which means the application(s) is/are not stabilized after the new firewall configuration); and 
adjusting the exploit prevention configuration settings based on whether the one or more protected processes have become more or less stable (FIG. 3, ¶ [0021]-[0025]; i.e. the firewall configuration system determines that the application(s) is/are vulnerable or not stable and generates new configuration by adjusting one of several parameters and/or one or more security policies associated with the application firewall).
Regarding claim 9, see claim 2 above for the same reasons of rejections.
Regarding claim 11, see claim 4 above for the same reasons of rejections.
Regarding claim 12, see claim 5 above for the same reasons of rejections.
Regarding claim 13, see claim 6 above for the same reasons of rejections.
Regarding claim 14, see claim 7 above for the same reasons of rejections.
Regarding claim 15, Peterson discloses a computer program product comprising a non-transitory computer-readable medium storing instructions executable by one or more processors to perform: 
receiving, by a machine learning system for exploit prevention from exploit prevention software executing on a computing device, process information for one or more protected processes executing on the computing device (FIG. 1-3. ¶ [0011]-[0012], [0019]-[0021]; i.e. the firewall configuration system receives the results from the firewall wherein the results are processing/behavior information of the applications behind or protected by the firewall); 
generating, by the machine learning system, exploit prevention configuration settings based on the process information for the one or more protected processes (FIG. 1-3, ¶ [0020]-[0022]; i.e. the firewall configuration system uses the results or the application data to determine or generate the firewall configuration parameters or ranges); 
providing, by the machine learning system to the exploit prevention software executing on the computing device, the exploit prevention configuration settings (FIG. 1-3, ¶ [0020]-[0022]; i.e. the firewall configuration system provides the firewall configuration parameters or ranges to the firewall); 
receiving, by the machine learning system from the exploit prevention software, process stability data for one or more protected processes, the process stability data indicating stability of the one or more protected processes before and after application of exploit prevention configuration settings by the exploit prevention software (FIG. 3, ¶ [0022]-[0024]; i.e. the firewall configuration system continues to test the application(s) after the firewall enforces the firewall configuration and receives the results or application data which indicates whether the application(s) is/are still vulnerable or performs malicious command which means the application(s) is/are not stabilized after the new firewall configuration); 
determining, by the machine learning system based on the received process stability data, whether the one or more protected processes have become more or less stable after application of exploit prevention configuration settings by the exploit prevention software (FIG. 3, ¶ [0021]-[0025]; i.e. the firewall configuration system determines that the application(s) is/are still vulnerable or performs malicious command which means the application(s) is/are not stabilized after the new firewall configuration); and 
adjusting the exploit prevention configuration settings based on whether the one or more protected processes have become more or less stable (FIG. 3, ¶ [0021]-[0025]; i.e. the firewall configuration system determines that the application(s) is/are vulnerable or not stable and generates new configuration by adjusting one of several parameters and/or one or more security policies associated with the application firewall).
Regarding claim 16, see claim 2 above for the same reasons of rejections.
Regarding claim 18, see claim 4 above for the same reasons of rejections.
Regarding claim 19, see claim 5 above for the same reasons of rejections.
Regarding claim 20, see claim 6 above for the same reasons of rejections.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 3, 10 and 17 are rejected under 35 U.S.C. 103 as being unpatentable over Peterson (US 2015/0143502) in view of Faigon et al. (US 2017/0353477 hereinafter Faigon).
Regarding claim 3, Peterson discloses the method of claim 1.
Peterson does not explicitly disclose wherein the process information comprises one or more hash values for the protected processes, and wherein the one or more hash values are received by the machine learning system from the exploit prevention software.
However, Faigon discloses wherein the process information comprises one or more hash values for the protected processes, and wherein the one or more hash values are received by the machine learning system from the exploit prevention software (FIG. 1, ¶ [0063], [0202]).
Therefore, it would have been obvious to one of ordinary skill in the art before effective filing date of the claimed invention to incorporate Faigon’s teaching into Peterson in order to allow for learning of the probabilities of the machine learning feature input in an independent and agnostic fashion such that the respective meanings of the features are made irrelevant (Faigon, ¶ [0063]).
Regarding claim 10, see claim 3 above for the same reasons of rejections.
Regarding claim 17, see claim 3 above for the same reasons of rejections.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to CHI D NGUY whose telephone number is (571)270-7311. The examiner can normally be reached Monday-Friday 9-5 PT.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Joseph P Hirl can be reached on (571)272-3685. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/C.D.N/Examiner, Art Unit 2435                                                                                                                                                                                                        
/HOSUK SONG/Primary Examiner, Art Unit 2435