Bypass UAC Using Event Viewer

Sigma Rules

Summary
This detection rule identifies a well-known User Account Control (UAC) bypass that abuses the Windows Event Viewer (`eventvwr.exe`). Event Viewer is an auto-elevating binary: when a member of the local Administrators group running under Admin Approval Mode launches it, it starts at high integrity without a UAC prompt. To load its `.msc` snap-in it resolves the open handler registered for the `mscfile` ProgID, and it consults the per-user hive (`HKCU\Software\Classes\mscfile\shell\open\command`) before the machine-wide one under `HKCR`. Because `HKCU\Software\Classes` is writable from a medium-integrity process, an attacker who sets that key's `(Default)` value to a command of their choice and then starts `eventvwr.exe` gets that command executed at high integrity with no prompt.

The rule keys on the registry write itself. `HKCU\Software\Classes` is backed by `HKEY_USERS\<SID>_Classes`, which is the path Sysmon records, so the selection matches any registry value-set event whose `TargetObject` ends with `_Classes\mscfile\shell\open\command\(Default)`. A filter excludes writes whose `Details` (the new value) still start with the stock Microsoft Management Console invocation, `%SystemRoot%\system32\mmc.exe "%1" %*`, so that a legitimate re-registration of the handler does not alert. The condition is `selection and not filter`: any other command written to that value raises an alert.

This technique is Abuse Elevation Control Mechanism: Bypass User Account Control (ATT&CK T1548.002), a privilege-escalation and defense-evasion technique rather than a persistence mechanism. The rule needs Sysmon registry event telemetry (Event ID 13, value set) whose configuration covers the per-user `_Classes` hives. Attackers usually delete the key as soon as the elevated command has run, so the value-set event is often the only registry artifact; pairing this rule with one that flags `eventvwr.exe` spawning a child process other than `mmc.exe` covers the execution side.
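As an added example (not the rule's own code or anything from the page), the selection, filter and condition logic above implemented in Python and run over a few constructed Sysmon-style value-set records. The `key=value|...` line format, the SIDs, file paths and process names are assumptions made up for this example; the stock `mmc.exe` command is the Windows default, and matching is case-insensitive, as Sigma string matching is by default.

```python
"""Added example: Event Viewer UAC-bypass detection logic over constructed log lines."""
from dataclasses import dataclass
from typing import Iterable, List

# Path suffix the rule keys on (lower-cased for case-insensitive matching).
# HKCU\Software\Classes is exposed as HKEY_USERS\<SID>_Classes, which is how
# Sysmon records per-user class registrations.
TARGET_SUFFIX = r"_classes\mscfile\shell\open\command\(default)"

# Stock default handler for .msc files (assumption: unmodified Windows install).
BENIGN_PREFIX = r'%systemroot%\system32\mmc.exe "%1" %*'


@dataclass
class RegistryEvent:
    event_id: int
    image: str
    target_object: str
    details: str


def parse_line(line: str) -> RegistryEvent:
    """Parse one constructed 'Key=Value|Key=Value' log line (hypothetical format)."""
    fields = dict(part.split("=", 1) for part in line.strip().split("|"))
    return RegistryEvent(
        event_id=int(fields["EventID"]),
        image=fields.get("Image", ""),
        target_object=fields.get("TargetObject", ""),
        details=fields.get("Details", ""),
    )


def is_eventvwr_uac_bypass(ev: RegistryEvent) -> bool:
    """Return True when the event satisfies 'selection and not filter'."""
    target = ev.target_object.lower()
    details = ev.details.lower()
    # selection: the per-user mscfile open command was written
    if not target.endswith(TARGET_SUFFIX):
        return False
    # filter: a value that still launches mmc.exe the stock way is benign
    if details.startswith(BENIGN_PREFIX):
        return False
    return True


def scan(lines: Iterable[str]) -> List[RegistryEvent]:
    """Run the rule over raw log lines and return the matching events."""
    return [ev for ev in map(parse_line, lines) if is_eventvwr_uac_bypass(ev)]


# Constructed sample events (not real telemetry); SIDs and paths are invented.
SAMPLE_LOG = [
    # suspicious: powershell.exe points the per-user handler at a user-writable script
    r"EventID=13|Image=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
    r"|TargetObject=HKU\S-1-5-21-1111-2222-3333-1001_Classes\mscfile\shell\open\command\(Default)"
    r"|Details=C:\Users\alice\AppData\Local\Temp\payload.cmd",
    # benign: an installer re-registers the stock mmc.exe handler
    r"EventID=13|Image=C:\Windows\System32\msiexec.exe"
    r"|TargetObject=HKU\S-1-5-21-1111-2222-3333-1001_Classes\mscfile\shell\open\command\(Default)"
    r'|Details=%SystemRoot%\system32\mmc.exe "%1" %*',
    # unrelated: a different file class, must not alert
    r"EventID=13|Image=C:\Windows\explorer.exe"
    r"|TargetObject=HKU\S-1-5-21-1111-2222-3333-1001_Classes\txtfile\shell\open\command\(Default)"
    r'|Details=C:\Tools\editor.exe "%1"',
    # suspicious: same key written with mixed case via reg.exe
    r"EventID=13|Image=C:\Windows\System32\reg.exe"
    r"|TargetObject=HKU\S-1-5-21-1111-2222-3333-1001_CLASSES\MSCFILE\Shell\Open\Command\(Default)"
    r"|Details=wscript.exe C:\Users\alice\evil.vbs",
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(f"ALERT: {hit.image} set {hit.target_object} -> {hit.details}")
```

Running the block prints two alerts, the `payload.cmd` and `evil.vbs` writes; the stock `mmc.exe` value and the `txtfile` key are ignored. In a real pipeline the same two predicates would be applied to the `TargetObject` and `Details` fields of Sysmon Event ID 13 records rather than to the made-up line format used here.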
Categories
  • Windows
  • Endpoint
Data Sources
  • Windows Registry
ATT&CK Techniques
  • T1548.002
Created: 2022-01-05