Periodic Backup For System Registry Hives Enabled

Sigma Rules

Summary
This detection rule looks for a change to the Windows registry that enables periodic backups of the system registry hives. The relevant value is `EnablePeriodicBackup` under the registry path `\Control\Session Manager\Configuration Manager`. When `EnablePeriodicBackup` is set to `1` (DWORD: 0x00000001), Windows automatically backs up the registry hives to `C:\Windows\System32\config\RegBack` during system restarts. This behaviour was standard in earlier versions of Windows but was disabled starting with the October 2018 update (Windows 10 version 1803).

Enabling this option may indicate a change in system management practice, either for recovery purposes or as part of malicious activity that seeks to manipulate registry operations. The rule works by monitoring registry value changes and flagging modifications to this setting that were not expected, so that they can be reviewed for malicious intent.

The rule may generate false positives when legitimate administrators enable this feature to comply with organizational policy or as part of a backup strategy.
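As an added example, not code from the rule page or the Sigma project, the detection logic described above applied in Python to constructed Sysmon-style registry events (Event ID 13, value set). The full key prefix `HKLM\System\CurrentControlSet` and the `DWORD (0x00000001)` detail format are assumptions about how Sysmon logs this value; the image allowlist is a hypothetical control for the false-positive case the summary mentions.

```python
"""Match Sysmon 'Registry value set' events against the EnablePeriodicBackup logic.
All sample events below are constructed for illustration."""
from dataclasses import dataclass

# Value path named by the rule; Sysmon logs the full path, so match on the suffix.
# The HKLM\System\CurrentControlSet prefix in the samples is an assumption.
TARGET_SUFFIX = r"\Control\Session Manager\Configuration Manager\EnablePeriodicBackup"
ENABLED_DETAILS = "DWORD (0x00000001)"  # assumed Sysmon rendering of a DWORD value of 1


@dataclass
class RegistryEvent:
    event_id: int        # Sysmon Event ID (13 = RegistryEvent, value set)
    target_object: str   # full registry path of the value written
    details: str         # rendered value data
    image: str           # process that performed the write


def is_periodic_backup_enabled(ev: RegistryEvent) -> bool:
    """True only when a value-set event turns EnablePeriodicBackup on (not off)."""
    return (
        ev.event_id == 13
        and ev.target_object.lower().endswith(TARGET_SUFFIX.lower())
        and ev.details == ENABLED_DETAILS
    )


def triage(events, allowlisted_images=frozenset()):
    """Split matches into alerts and hits from allowlisted admin tooling (kept for review,
    not discarded), which is one way to handle the policy-driven false positives."""
    alerts, suppressed = [], []
    for ev in events:
        if not is_periodic_backup_enabled(ev):
            continue
        (suppressed if ev.image.lower() in allowlisted_images else alerts).append(ev)
    return alerts, suppressed


KEY = r"HKLM\System\CurrentControlSet\Control\Session Manager\Configuration Manager"
SAMPLE_EVENTS = [  # constructed sample data
    RegistryEvent(13, KEY + r"\EnablePeriodicBackup", "DWORD (0x00000001)", r"C:\Windows\System32\reg.exe"),
    RegistryEvent(13, KEY + r"\EnablePeriodicBackup", "DWORD (0x00000000)", r"C:\Windows\System32\reg.exe"),
    RegistryEvent(12, KEY + r"\EnablePeriodicBackup", "", r"C:\Windows\regedit.exe"),
    RegistryEvent(13, KEY + r"\OtherValue", "DWORD (0x00000001)", r"C:\Windows\regedit.exe"),
    RegistryEvent(13, KEY + r"\EnablePeriodicBackup", "DWORD (0x00000001)", r"c:\program files\cfgmgmt\agent.exe"),
]
ALLOWLIST = frozenset({r"c:\program files\cfgmgmt\agent.exe"})  # hypothetical config-management agent

if __name__ == "__main__":
    hits, reviewed = triage(SAMPLE_EVENTS, ALLOWLIST)
    print(f"alerts={len(hits)} allowlisted={len(reviewed)}")  # prints "alerts=1 allowlisted=1"
```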
Categories
  • Windows
  • Endpoint
Data Sources
  • Windows Registry
Created: 2024-07-01