
.RDP File Created By Uncommon Application

Sigma Rules

Summary
This detection rule identifies the creation of files with the '.rdp' extension by uncommon applications, that is, applications that do not generate RDP files as part of their normal operation. The rule monitors the Windows platform for file events whose target filename ends with '.rdp' and whose creating process is one of a set of known web browsers and communication applications (e.g., Brave, Chrome, Firefox, Microsoft Edge, Outlook, Discord). An '.rdp' file written by one of these applications could indicate unauthorized or malicious use of remote desktop capabilities and warrants further investigation. False positives are listed as unknown, so alerts generated by this rule should be verified carefully before action is taken. The rule is classified as high severity, reflecting the potential risk of detected activity related to remote access.
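The selection logic described above, as an added example that is not the rule's own source or a Sigma backend: a small Python matcher run over constructed Sysmon-style file-creation events. The process image names (brave.exe, chrome.exe, firefox.exe, msedge.exe, outlook.exe, discord.exe) and the use of Sysmon Event ID 11 as the file-creation source are assumptions, not values taken from the page.

```python
# Added example: minimal matcher for ".rdp written by an uncommon application".
# Not the rule's source; image names and the Sysmon EventID 11 source are assumed.

# Process image names assumed for the applications the rule names
# (browsers and communication clients that do not normally write .rdp files).
UNCOMMON_IMAGES = (
    "\\brave.exe", "\\chrome.exe", "\\firefox.exe", "\\msedge.exe",
    "\\outlook.exe", "\\discord.exe",
)


def matches_rule(event: dict) -> bool:
    """Return True when a file-creation event satisfies the rule's selection.

    Sigma 'endswith' comparisons are case-insensitive, so both fields are
    lower-cased before comparison.
    """
    if event.get("EventID") != 11:  # Sysmon FileCreate (assumed source)
        return False
    target = event.get("TargetFilename", "").lower()
    image = event.get("Image", "").lower()
    return target.endswith(".rdp") and image.endswith(UNCOMMON_IMAGES)


def scan(events: list) -> list:
    """Return the events that should raise an alert, for triage."""
    return [e for e in events if matches_rule(e)]


# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    {"EventID": 11, "Image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "TargetFilename": r"C:\Users\alice\Downloads\Invoice.RDP"},            # alert
    {"EventID": 11, "Image": r"C:\Windows\System32\mstsc.exe",
     "TargetFilename": r"C:\Users\alice\Documents\Default.rdp"},            # RDP client: expected
    {"EventID": 11, "Image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "TargetFilename": r"C:\Users\alice\Downloads\report.pdf"},             # not .rdp
    {"EventID": 11, "Image": r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE",
     "TargetFilename": r"C:\Users\alice\AppData\Local\Temp\vpn-access.rdp"},  # alert
    {"EventID": 1, "Image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "TargetFilename": r"C:\Users\alice\Downloads\other.rdp"},              # not a FileCreate event
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_EVENTS):
        print(f"ALERT: {hit['Image']} wrote {hit['TargetFilename']}")
```

The mstsc.exe event shows why the rule is scoped to uncommon applications: the legitimate RDP client writing Default.rdp must not alert.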
Categories
  • Endpoint
  • Windows
Data Sources
  • File
  • Process
Created: 2023-04-18