
Summary
This detection rule identifies the installation of the AnyDesk remote access software service on Windows systems. AnyDesk is a legitimate remote desktop application, but its installation can pose security risks if not authorized by the organization. By monitoring the Service Control Manager for Event ID 7045 specifically related to the 'AnyDesk Service', this rule aims to capture unauthorized installations that may indicate potential abuse of this remote access tool. The level is classified as medium due to the possibility of both legitimate and illegitimate uses of AnyDesk. If the software is part of organizational practices, then any alerts triggered by this rule may constitute false positives.
Categories
- Windows
- Endpoint
Data Sources
- Service
- Process
- Logon Session
Created: 2022-08-11
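
The matching logic from the Summary, as an added example that is not the rule's own code: it evaluates exported System-log events in Windows Event XML form and returns the Event ID 7045 records from the Service Control Manager whose service name is 'AnyDesk Service'. The sample events, hostnames, the case-insensitive comparison and the `approved_hosts` allowlist (used to mark expected installs, per the false-positive note) are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
TARGET_SERVICE = "AnyDesk Service"  # service name the rule keys on
ANYDESK_CMD = r'"C:\Program Files (x86)\AnyDesk\AnyDesk.exe" --service'  # constructed

def _event(event_id, provider, computer, data):
    """Build a constructed event in Windows Event XML form (not real telemetry)."""
    fields = "".join(f'<Data Name="{k}">{v}</Data>' for k, v in data.items())
    return (
        '<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">'
        f'<System><Provider Name="{provider}"/><EventID>{event_id}</EventID>'
        f"<Computer>{computer}</Computer></System>"
        f"<EventData>{fields}</EventData></Event>"
    )

# Constructed samples: hostnames and the "Example Updater" service are made up.
SAMPLE_EVENTS = [
    _event(7045, "Service Control Manager", "ws-0142.example.test", {
        "ServiceName": "AnyDesk Service", "ImagePath": ANYDESK_CMD}),
    _event(7045, "Service Control Manager", "ws-0143.example.test", {
        "ServiceName": "Example Updater", "ImagePath": r"C:\Example\upd.exe"}),
    # 7036 is a service state change, not an install, so it must not match.
    _event(7036, "Service Control Manager", "ws-0142.example.test", {
        "param1": "AnyDesk Service", "param2": "running"}),
    # Install on a host the organization has approved (assumed allowlist entry).
    _event(7045, "Service Control Manager", "it-jump01.example.test", {
        "ServiceName": "anydesk service", "ImagePath": ANYDESK_CMD}),
]

def find_anydesk_installs(events_xml, approved_hosts=frozenset()):
    """Return one dict per 7045 event that installs the AnyDesk service."""
    hits = []
    for raw in events_xml:
        root = ET.fromstring(raw)
        provider = root.find("e:System/e:Provider", NS)
        event_id = root.findtext("e:System/e:EventID", default="", namespaces=NS)
        data = {d.get("Name"): (d.text or "")
                for d in root.iterfind("e:EventData/e:Data", NS)}
        if provider is None or provider.get("Name") != "Service Control Manager":
            continue
        if event_id.strip() != "7045":
            continue
        if data.get("ServiceName", "").strip().casefold() != TARGET_SERVICE.casefold():
            continue
        host = root.findtext("e:System/e:Computer", default="", namespaces=NS).lower()
        hits.append({"computer": host, "image_path": data.get("ImagePath", ""),
                     "approved": host in approved_hosts})
    return hits
```

Hits with `approved` set to false are the ones to triage; the image path in each hit shows which binary the new service runs.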