Prosecution Insights
Last updated: July 17, 2026
Application No. 18/645,150

MANAGED SOFTWARE REMEDIATION

Final Rejection §103
Filed
Apr 24, 2024
Priority
Sep 27, 2013 — IN 4384/CHE/2013 +4 more
Examiner
HARRIS, CHRISTOPHER C
Art Unit
2432
Tech Center
2400 — Computer Networks
Assignee
McAfee LLC
OA Round
2 (Final)
76%
Grant Probability
Favorable
3-4
OA Rounds
7m
Est. Remaining
99%
With Interview

Examiner Intelligence

Grants 76% — above average
76%
Career Allowance Rate
286 granted / 374 resolved
+18.5% vs TC avg
Strong +25% interview lift
Without
With
+25.3%
Interview Lift
resolved cases with interview
Typical timeline
2y 10m
Avg Prosecution
13 currently pending
Career history
389
Total Applications
across all art units

Statute-Specific Performance

§101
3.2%
-36.8% vs TC avg
§103
78.8%
+38.8% vs TC avg
§102
6.2%
-33.8% vs TC avg
§112
10.2%
-29.8% vs TC avg
Black line = Tech Center average estimate • Based on career data from 374 resolved cases

Office Action

§103
Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. DETAILED ACTION Remarks This Final action is in response to communications filed on 03/30/2026 claim(s) 56, 71 and 74 are amended per Applicant's request. Therefore, claims 56-75 are presently pending in the application and have been considered as follows. Examiner Note The applicant amendment has overcome the 35 USC 101 rejection to claims 56-75. Response to Arguments Applicant’s arguments, see page 7 of Applicant’s response, filed 03/30/2026, with respect to the rejection(s) of claim(s) 56-75 under 103 have been fully considered and are persuasive. In particular, Applicant’s amendments to the claims has overcome the rejection on record. Therefore, the rejection has been withdrawn. However, upon further consideration, a new ground(s) of rejection is made over US 20130036231 to Hulten et al. (hereinafter “Hulten .”) in view of US 20160373917 to Khesin et al. (hereinafter “Khesin”) and further in view of NPL “MockDroid: Trading Privacy for Application Functionality on Smartphones” to Beresford et al. (hereinafter “Beresford”). Claim Rejections - 35 USC § 103 The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claims 56-65 and 67-75 are rejected under 35 U.S.C. 103 as being unpatentable over US 20130036231 to Hulten et al. (hereinafter “Hulten .”) in view of US 20160373917 to Khesin et al. (hereinafter “Khesin”) and further in view of NPL “MockDroid: Trading Privacy for Application Functionality on Smartphones” to Beresford et al. (hereinafter “Beresford”). Claim 56 Hulten teaches a computer-implemented method, comprising: upon determining that an application has a non-benign reputation, selectively installing the application based on a user input; [e.g. Hulten; Abstract, Para. 0011, 0013, 0021-0037, 0047-0056 – Hulten discloses determining that an application reputation is malicious or unknown (broadly these are non-benign) and allowing the user to selectively install the application] and ... running the application concurrently with a personalization engine to limit the application to benign behavior. [e.g. Hulten; Abstract, Para. 0011, 0013, 0021-0037, 0047-0056 – Hulten discloses that the application can run in a protected environment (e.g. personalization engine)] While Hulten teaches the computer-implemented method of claim 56 Hulten fails to explicitly teach personalizing the application. More specifically Hulten fails to teach the claimed limitations of however, Khesin teaches: personalizing the application by running the application concurrently with a personalization engine to limit the application to benign behavior. [e.g. Khesin; Abstract, Claim 3, Para. 0024-0054– Khesin discloses remediating (e.g. personalizing) the non-benign application and that user security and policy settings may be changed at runtime] Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to include, the above features in the invention as disclosed by Hulten in order to allow finer grain control of malicious applications with optimal security and improving the user experience as disclosed in paragraph 0054 of Khesin. While the combination teaches the computer-implemented method of claim 56 the combination fails to explicitly teach personalizing the application thru API interception and modification of behavior of API calls. More specifically the combination fails to teach the claimed limitations of however, Beresford teaches: wherein the personalization engine comprises executable software instructions to intercept runtime application programming interface (API) calls from the application and modifying behavior of the API calls according to personalization rules for the application. [e.g. Beresford; Abstract, Sec 1, Sec 2, Sec 3, Sec 3.1– Beresford discloses that Android applications “interact through the Android API”, that Mockdroid “modified the permission check performed at the start of each dangerous API call” and that “if a permission is mocked then the API call provides a plausible but incorrect result to the application” (e.g. intercepting runtime API calls and modifying behavior of the API calls according to mocked permission/personalization rules).] Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to include, the above features in the invention as disclosed by the combination in order to allow users to revoke access to particular resources at runtime and providing users improved fine grained control as disclosed in Sec 1 and Sec 6 of Beresford. Claim 57: Hulten teaches the method of claim 56, wherein the non-benign reputation is a grayware reputation. [e.g. Hulten; Abstract, Para. 0011, 0013, 0021-0037, 0047-0056 – Hulten discloses determining that an application reputation is malicious. Note Para. 0003 states malware encompasses spyware and adware which are grayware. Examiner takes the position that the malicious reputation includes malware (e.g. viruses, trojan horses) and grayware (e.g. spyware, adware).] Claim 58: Hulten teaches the method of claim 56, wherein the non-benign reputation is a malware reputation. [e.g. Hulten; Abstract, Para. 0011, 0013, 0021-0037, 0047-0056 – Hulten discloses determining that an application reputation is malicious. Note Para. 0003 states malware encompasses spyware and adware which are grayware. Examiner takes the position that the malicious reputation includes malware (e.g. viruses, trojan horses) and grayware (e.g. spyware, adware).] Claim 59: Hulten and Khesin teaches the method of claim 56, further comprising: if the non-benign reputation is malware, providing the application binary to a remediation server; and receiving a healed application binary from the remediation server. [e.g. Hulten; Abstract, Para. 0011, 0013, 0021-0037, 0047-0056 – Hulten discloses determining that an application reputation is malicious.] [e.g. Khesin; Abstract, Claim 1 Para. 0018, 0024-0054– Khesin discloses a remediation gateway server that receives malicious applications and provides remediated versions (e.g. healed application binary).] Claim 60: Hulten teaches the method of claim 59, further comprising inhibiting installation of the application until after receiving the healed application binary from the remediation server. [e.g. Khesin; Abstract, Claim 9 Para. 0001, 0018, 0024-0054– Khesin discloses a remediation gateway server that receives malicious applications and provides remediated versions (e.g. healed application binary) which is done prior to installation.] Claim 61: Hulten teaches the method of claim 56, wherein installing the application based on a user configuration input comprises providing an interactive user interface element requesting confirmation to install the application; and installing the application only if a positive response is received to the interactive user interface element. [e.g. Hulten; Abstract, Para. 0011, 0013, 0021-0037, 0047-0056 – Hulten discloses determining that an application reputation is malicious or unknown (e.g. non-benign) and allowing the user to selectively install the application.] Claim 62: Hulten teaches the method of claim 61, further comprising providing, along with the interactive user interface element, an actionable, human-readable description of behaviors of the application. [e.g. Hulten; Abstract, Para. 0011, 0013, 0021-0037, 0047-0056 – Hulten discloses providing the user with a warning that includes detailed information.] Claim 63: Hulten as modified by Khesin teaches the method of claim 56, wherein personalizing the application further comprises receiving input from a user interface element to selectively provide access to system services. [e.g. Khesin; Abstract, Claim 3, Para. 0024-0054– Khesin discloses remediating (e.g. personalizing) the non-benign application and that user security and policy settings may be changed at runtime] Claim 64: Hulten as modified by Khesin teaches the method of claim 63, wherein the system services are selected from the group consisting of geographic location, e-mail, short messaging service, telephony, contacts, internet access, camera, touchscreen, microphone, and speakers. [e.g. Khesin; Abstract, Claim 3, Para. 0016, 0022-0054– Khesin discloses the security and privacy settings exercise control over mobile device.] Claim 65: Hulten as modified by Khesin teaches the method of claim 56, further comprising providing a remediation engine to personalize the application. [e.g. Khesin; Abstract, Claim 9 Para. 0001, 0018, 0024-0054– Khesin discloses a remediation gateway server that receives malicious applications and provides remediated versions (e.g. healed application binary) which is done prior to installation.] Claim 67: Hulten as modified by Khesin teaches the method of method of claim 56, further comprising: creating an application logic model of the application binary; and creating personalization rules for the application binary based on the application logic model. [e.g. Khesin; Abstract, Claim 3, 10 and 20, Para. 0001, 0018, 0024-0054– Khesin discloses conversion of executable code to source code and parsing (e.g. creating an application logic model) and incorporating security and policy settings (e.g. creating personalization rules) based on the parsed code (e.g. application logic model).] Claim 68: Hulten and Khesin teaches the method of claim 56, further comprising providing closed-loop analysis with a global threat intelligence service. [e.g. Hulten; Abstract, Para. 0011, 0013, 0021-0037, 0047-0056 – Hulten discloses the determination is made with the utilization of a reputation service provider (e.g. global threat intelligence service).] [e.g. Khesin; Abstract, Para. 0018– Khesin discloses using established reputation systems.] Claim 69: Hulten as modified by Khesin teaches the method of claim 56, wherein the application binary is an authorized application binary from a software repository. [e.g. Khesin; Abstract, Para. 0018– Khesin discloses trusted application market (e.g. software repository).] Claim 70: Hulten and Khesin teaches the method of claim 56, further comprising performing deep static analysis on the application binary and presenting to an end user a report including human-readable results of the deep static analysis, with an actionable list of behavior of the application, wherein personalizing the application is based on an end user response to the report. [e.g. Hulten; Abstract, Para. 0011, 0013, 0021-0037, 0047-0056 – Hulten discloses providing the user with a warning that includes detailed information (e.g. report).] [e.g. Khesin; Abstract, Claim 6, 10 Para. 0001, 0018, 0024-0054– Khesin discloses analyzing converted source code (e.g. deep static analysis). Khesin further discloses the user being able to change (e.g. personalize) the application at runtime.] Regarding claims 71-75 they are manufacture and device claims essentially corresponding to the above recitations, and they are rejected, at least, for the same reasons. Claim 66 is rejected under 35 U.S.C. 103 as being unpatentable over US 20130036231 to Hulten et al. (hereinafter “Hulten .”) in view of US 20160373917 to Khesin et al. (hereinafter “Khesin”) and NPL “MockDroid: Trading Privacy for Application Functionality on Smartphones” to Beresford et al. (hereinafter “Beresford”) and further in view of US 20140040979 to Barton et al. (hereinafter “Barton”) Claim 66: Hulten as modified by Khesin teaches the method of claim 56, further comprising: ...; detecting malware behavior in the application binary; and healing the application binary by inserting or removing instructions to ameliorate the malware behavior. [e.g. Khesin; Abstract, Claim 6, 10 Para. 0001, 0018, 0024-0054– Khesin discloses converting executable code to source code, detecting malicious behavior and remediating the application by inserting replaceable code and removing malicious code.] While the combination teaches the computer-implemented method of claim 56 the combination fails to explicitly teach that the application is disassembled explicitly, and only explicitly mentions decompiling. More specifically the combination fails to teach the claimed limitations of however, Barton teaches: disassembling the application binary; detecting malware behavior in the application binary; and healing the application binary by inserting or removing instructions to ameliorate the malware behavior [e.g. Barton; Abstract, Para. 0127, 0290-0307– Barton discloses disassembling the binary, detecting malicious behavior and inserting or removing code within the binary and recompiling.]. Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to include, the above features in the invention as disclosed by the combination in order to show a simple substitution of the security enforcement mechanism (e.g. disassembling vs decompiling) to obtain the predictable result of proving security and/or removal or malicious behavior of an application. Conclusion Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. Any inquiry concerning this communication or earlier communications from the examiner should be directed to CHRISTOPHER C HARRIS whose telephone number is (571)270-7841. The examiner can normally be reached Monday through Friday between 8:00 AM to 4:00 PM CST. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey L Nickerson can be reached on (469) 295-9235. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /CHRISTOPHER C HARRIS/Primary Examiner, Art Unit 2432
Read full office action

Prosecution Timeline

Apr 24, 2024
Application Filed
Nov 14, 2025
Non-Final Rejection (signed) — §103
Dec 29, 2025
Non-Final Rejection mailed — §103
Mar 16, 2026
Interview Requested
Mar 25, 2026
Applicant Interview (Telephonic)
Mar 30, 2026
Response Filed
Apr 04, 2026
Examiner Interview Summary
Jun 17, 2026
Final Rejection mailed — §103 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12670254
STORAGE ACCESS MONITORING METHOD AND STORAGE ACCESS MONITORING DEVICE
2y 2m to grant Granted Jun 30, 2026
Patent 12670251
STRUCTURING IPV6 ADDRESSES INTO BIT FIELDS TO EMBED LANGUAGE LOCALIZATION AND SERVICES
2y 1m to grant Granted Jun 30, 2026
Patent 12661778
SPARE ROBOT CONTROLLER
3y 8m to grant Granted Jun 23, 2026
Patent 12657287
SYSTEM AND METHOD AND FOR LOADING ENCLAVE-AWARE EXECUTABLES
1y 5m to grant Granted Jun 16, 2026
Patent 12645797
MALWARE DETECTION FROM APPROXIMATE INDICATORS
3y 1m to grant Granted Jun 02, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

Strategy Recommendation AI-generated — please review before filing

Get a prosecution strategy drawn from examiner precedents, rejection analysis, and claim mapping.
Typically takes 5-10 seconds — AI-generated, attorney review required before filing

Prosecution Projections

3-4
Expected OA Rounds
76%
Grant Probability
99%
With Interview (+25.3%)
2y 10m (~7m remaining)
Median Time to Grant
Moderate
PTA Risk
Based on 374 resolved cases by this examiner. Grant probability derived from career allowance rate.

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month