
Summary
This rule detects execution of SoftPerfect's "netscan.exe", a network scanning application that malicious actors have used to gain insight into the network configuration of targeted systems. It triggers when a process matches the rule's conditions on the executable's image name, product name, and description. Because "netscan.exe" also has legitimate administrative uses, authorized user activity can produce false positives. The rule is intended to surface behavior indicative of network reconnaissance, and the context of use must be carefully evaluated before determining malicious intent.
Categories
- Endpoint
- Windows
- Network
Data Sources
- Process
Created: 2024-04-25