
Summary
This detection rule identifies instances where Windows short name paths (also known as 8.3 filenames) are used in command-line executions. Because a short name resolves to the same file as its long form, the format can be leveraged by attackers to circumvent command-line monitoring that matches on the full path string, providing a method of evasion during the execution phase. The detection criteria look for command lines that contain the short name convention, specifically the '~' character followed by a digit and a backslash (e.g., '~1\', '~2\'). The rule triggers on these patterns while applying specific filtering conditions to reduce false positives from legitimate applications that interact with this naming convention in the normal course of operation. Notably, processes such as Dism.exe, cleanmgr.exe, and other system utilities are explicitly excluded by the filtering criteria, so the detection focuses on suspicious activity rather than benign use. The rule has a medium severity level, indicating a moderate associated risk. It is also intended to help defenders refine their detection capabilities by highlighting an evasion technique used in real attacks.
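The following is an added example (not the rule's own query) that applies the pattern described above to constructed process-creation events. It assumes the filter is an allowlist keyed on the executing image name and reproduces only the two utilities named in the summary; the full filter list of the real rule is not on this page.

```python
import re
from typing import Dict, List

# 8.3 short-name component: '~' followed by a digit and a backslash (e.g. PROGRA~1\).
SHORT_NAME_PATTERN = re.compile(r"~\d\\")

# Assumed allowlist of images the summary names as benign users of short-name paths.
# The real rule's complete filter list is not reproduced on this page.
FILTERED_IMAGES = {"dism.exe", "cleanmgr.exe"}


def image_basename(image_path: str) -> str:
    """Return the lower-cased file name of a Windows image path."""
    return image_path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def is_suspicious_short_name_use(event: Dict[str, str]) -> bool:
    """True when the command line contains a short-name component and the
    executing image is not one of the allowlisted system utilities."""
    command_line = event.get("CommandLine", "")
    if not SHORT_NAME_PATTERN.search(command_line):
        return False
    return image_basename(event.get("Image", "")) not in FILTERED_IMAGES


def find_matches(events: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Run the detection over a list of process-creation events."""
    return [e for e in events if is_suspicious_short_name_use(e)]


# Constructed sample events (hypothetical telemetry, not real data).
SAMPLE_EVENTS: List[Dict[str, str]] = [
    # Short-name path launched via cmd.exe: should alert.
    {"Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r"cmd.exe /c C:\PROGRA~1\Vendor\tool.exe"},
    # Dism.exe using a short-name path: filtered as benign.
    {"Image": r"C:\Windows\System32\Dism.exe",
     "CommandLine": r"Dism.exe /Online /Add-Package /PackagePath:C:\Users\ADMINI~1\pkg.cab"},
    # cleanmgr.exe using a short-name path: filtered as benign.
    {"Image": r"C:\Windows\System32\cleanmgr.exe",
     "CommandLine": r"cleanmgr.exe /d C:\Users\ADMINI~1\AppData\Local\Temp"},
    # Tilde without a digit and backslash: not a short name, no alert.
    {"Image": r"C:\Windows\System32\notepad.exe",
     "CommandLine": r"notepad.exe C:\Users\user\~backup.txt"},
]

if __name__ == "__main__":
    for hit in find_matches(SAMPLE_EVENTS):
        print("ALERT:", hit["Image"], "|", hit["CommandLine"])
```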
Categories
- Endpoint
- Windows
Data Sources
- Process
Created: 2022-08-07