
Disabling Task Manager

Splunk Security Content

Summary
This analytic rule monitors changes in the Windows registry that disable the Task Manager, a tactic often employed by malware such as Remote Access Trojans (RATs), Trojans, or worms attempting to keep control of an infected system. By observing modifications to the registry value at the path "*\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\DisableTaskMgr" where the value is set to "0x00000001", this rule helps identify malicious attempts to prevent users from terminating harmful processes. It uses the Endpoint.Registry data model populated from Sysmon, specifically EventIDs 12 and 13, to capture these modifications. Keeping this rule operational helps maintain system integrity and surface unauthorized behavior that poses a security risk.
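As an added example (not part of the Splunk rule or its source), here is the rule's matching logic applied in Python to a few constructed Sysmon-style registry events; the field names (EventID, TargetObject, Details, Image) follow Sysmon's event schema, and all sample values are made up.

```python
import re

# Sysmon registry events used by the rule: EventID 12 (key created/deleted)
# and EventID 13 (value set). Only EventID 13 carries the written value.
SYSMON_REGISTRY_EVENTS = {12, 13}

# Registry path from the rule: any hive prefix, ending in the policy value name.
TASKMGR_POLICY_RE = re.compile(
    r".*\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\DisableTaskMgr$",
    re.IGNORECASE,
)
# Sysmon renders a REG_DWORD write in the Details field as "DWORD (0x00000001)".
DWORD_RE = re.compile(r"DWORD \((0x[0-9A-Fa-f]{8})\)")

def is_taskmgr_disabled(event: dict) -> bool:
    """True when a Sysmon registry event sets DisableTaskMgr to 1."""
    if event.get("EventID") not in SYSMON_REGISTRY_EVENTS:
        return False
    if not TASKMGR_POLICY_RE.match(event.get("TargetObject", "")):
        return False
    match = DWORD_RE.search(event.get("Details", ""))
    # A write of 0 re-enables Task Manager and is not what the rule alerts on.
    return match is not None and int(match.group(1), 16) == 1

def find_alerts(events):
    """Return the events that would trigger the detection."""
    return [e for e in events if is_taskmgr_disabled(e)]

# Constructed sample events (field names follow Sysmon; values are made up).
POLICY_KEY = "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\"
SAMPLE_EVENTS = [
    # Per-user policy write setting the value to 1: should alert.
    {"EventID": 13, "Image": "C:\\Users\\alice\\AppData\\Local\\Temp\\updater.exe",
     "TargetObject": "HKU\\S-1-5-21-1111-2222-3333-1001\\" + POLICY_KEY + "DisableTaskMgr",
     "Details": "DWORD (0x00000001)"},
    # Machine-wide write that re-enables Task Manager: no alert.
    {"EventID": 13, "Image": "C:\\Windows\\System32\\reg.exe",
     "TargetObject": "HKLM\\" + POLICY_KEY + "DisableTaskMgr",
     "Details": "DWORD (0x00000000)"},
    # Different policy value under the same key: no alert.
    {"EventID": 13, "Image": "C:\\Windows\\System32\\gpupdate.exe",
     "TargetObject": "HKLM\\" + POLICY_KEY + "DisableRegistryTools",
     "Details": "DWORD (0x00000001)"},
    # Key creation (EventID 12) carries no value, so it cannot satisfy the 0x1 condition.
    {"EventID": 12, "Image": "C:\\Windows\\System32\\reg.exe",
     "TargetObject": "HKLM\\" + POLICY_KEY + "DisableTaskMgr"},
]
```

Running `find_alerts(SAMPLE_EVENTS)` returns only the first event, which mirrors the rule's path-plus-value condition.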
Categories
  • Endpoint
  • Windows
Data Sources
  • Windows Registry
  • Sensor Health
ATT&CK Techniques
  • T1562.001
  • T1562
Created: 2024-12-08