
Summary
This detection rule identifies anomalous access to FileZilla XML configuration files, specifically recentservers.xml and sitemanager.xml, by monitoring Windows Security Event logs (EventCode 4663). The purpose of this rule is to flag unauthorized access to these sensitive configuration files, which could indicate potential malicious activities such as data exfiltration or credential theft. Legitimate FileZilla processes are excluded from the detection logic, meaning any access attempts by other processes will trigger an alert. The rule emphasizes the importance of auditing object access in Windows environments to enhance security around sensitive application files.
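As an added illustration of the logic the summary describes (not the rule's own query or code), the following Python flags 4663 events in which a process other than FileZilla touches recentservers.xml or sitemanager.xml. It assumes filezilla.exe is the only legitimate FileZilla process and uses constructed sample events, not real logs.

```python
import re
from typing import Dict, List

# File names the rule watches (tail of the 4663 "Object Name" field, case-insensitive).
TARGET_FILES = {"recentservers.xml", "sitemanager.xml"}
# Assumption: the only legitimate FileZilla process is filezilla.exe; the rule text
# only says "legitimate FileZilla processes", so extend this set for your environment.
ALLOWED_PROCESSES = {"filezilla.exe"}

def parse_event(text: str) -> Dict[str, str]:
    """Pull the fields the rule needs from one Security-log event rendered as key: value lines."""
    fields = {}
    for key in ("EventCode", "Account Name", "Object Name", "Process Name"):
        m = re.search(rf"^\s*{re.escape(key)}:\s*(.+?)\s*$", text, re.MULTILINE)
        fields[key] = m.group(1) if m else ""
    return fields

def basename(path: str) -> str:
    """Last path component, normalised for separator and case."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def is_match(fields: Dict[str, str]) -> bool:
    """True when a non-FileZilla process accessed one of the two config files (4663 only)."""
    if fields.get("EventCode") != "4663":
        return False
    if basename(fields["Object Name"]) not in TARGET_FILES:
        return False
    return basename(fields["Process Name"]) not in ALLOWED_PROCESSES

def detect(events: List[str]) -> List[Dict[str, str]]:
    """Return the parsed events that should raise an alert."""
    return [f for f in map(parse_event, events) if is_match(f)]

# Constructed sample events (not real logs), shaped like 4663 object-access records.
SAMPLE_EVENTS = [
    "EventCode: 4663\nAccount Name: alice\n"
    "Object Name: C:\\Users\\alice\\AppData\\Roaming\\FileZilla\\sitemanager.xml\n"
    "Process Name: C:\\Program Files\\FileZilla FTP Client\\filezilla.exe\n",   # legitimate: no alert
    "EventCode: 4663\nAccount Name: alice\n"
    "Object Name: C:\\Users\\alice\\AppData\\Roaming\\FileZilla\\recentservers.xml\n"
    "Process Name: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\n",  # alert
    "EventCode: 4663\nAccount Name: bob\n"
    "Object Name: C:\\Users\\bob\\Documents\\notes.xml\n"
    "Process Name: C:\\Windows\\System32\\notepad.exe\n",                        # unrelated file: no alert
]

if __name__ == "__main__":
    for hit in detect(SAMPLE_EVENTS):
        print(f"ALERT: {hit['Process Name']} accessed {hit['Object Name']} as {hit['Account Name']}")
```

Object access auditing (SACL on the FileZilla profile directory plus the "Audit File System" subcategory) must be enabled before any 4663 events for these files exist to match.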
Categories
- Windows
- Endpoint
Data Sources
- Windows Registry
ATT&CK Techniques
- T1552.001
Created: 2025-07-16