
Summary
The 'Eventvwr UAC Bypass' detection rule identifies instances where an attacker may be attempting to bypass User Account Control (UAC) by modifying specific registry keys associated with the execution of Event Viewer (Eventvwr.msc). This analytic uses data from several sources, including Sysmon EventID 1, Windows Security Event Log 4688, and CrowdStrike's ProcessRollup2. Because attackers can use this technique to escalate privileges, the detection focuses on suspicious registry modifications and the corresponding process executions that match the UAC bypass pattern. Each detected instance warrants further investigation, as it may indicate an unauthorized privilege escalation attempt leading to arbitrary code execution and compromise of the endpoint.
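The following is an added example of the detection logic described above, written here for illustration; it is not the rule's own search. It assumes a normalized event schema (field names such as parent_process_name, process_name and target_object are assumptions), the sample events are constructed, and the per-user .msc handler registry path is taken from public ATT&CK T1548.002 documentation rather than from this page. It flags Event Viewer spawning any child other than mmc.exe, flags writes to the per-user .msc handler key, and raises confidence when both occur for the same host and user.

```python
"""Eventvwr UAC bypass detector over normalized endpoint events (added example)."""
from collections import defaultdict
from typing import Dict, Iterable, List, Tuple

# Per-user .msc file handler that eventvwr.exe consults at launch.
# Assumption from public ATT&CK T1548.002 documentation, not from the rule page.
MSC_HANDLER_FRAGMENT = "\\classes\\mscfile\\shell\\open\\command"

# Constructed sample events, normalized from the three sources the rule uses.
SAMPLE_EVENTS: List[Dict[str, str]] = [
    # Benign: Event Viewer launching its own MMC snap-in host.
    {"source": "sysmon:1", "host": "ws01", "user": "CORP\\alice",
     "parent_process_name": "eventvwr.exe", "process_name": "mmc.exe",
     "process": "C:\\Windows\\System32\\mmc.exe eventvwr.msc"},
    # Registry value set on the per-user .msc handler (constructed SID and value).
    {"source": "sysmon:13", "host": "ws02", "user": "CORP\\bob",
     "target_object": "HKU\\S-1-5-21-1-2-3-1001\\SOFTWARE\\Classes\\mscfile"
                      "\\shell\\open\\command\\(Default)",
     "details": "(constructed value)"},
    # Suspicious: Event Viewer spawning something other than mmc.exe.
    {"source": "security:4688", "host": "ws02", "user": "CORP\\bob",
     "parent_process_name": "eventvwr.exe", "process_name": "cmd.exe",
     "process": "C:\\Windows\\System32\\cmd.exe"},
    # Same shape reported by CrowdStrike ProcessRollup2 (mixed-case parent name).
    {"source": "crowdstrike:ProcessRollup2", "host": "ws03", "user": "CORP\\carol",
     "parent_process_name": "EventVwr.EXE", "process_name": "powershell.exe",
     "process": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"},
    # Unrelated process creation that must not match.
    {"source": "sysmon:1", "host": "ws01", "user": "CORP\\alice",
     "parent_process_name": "explorer.exe", "process_name": "notepad.exe",
     "process": "notepad.exe"},
]


def is_suspicious_process(ev: Dict[str, str]) -> bool:
    """Event Viewer's expected child is mmc.exe; any other child is the bypass shape."""
    parent = ev.get("parent_process_name", "").lower()
    child = ev.get("process_name", "").lower()
    return parent == "eventvwr.exe" and child != "mmc.exe"


def is_suspicious_registry(ev: Dict[str, str]) -> bool:
    """A write to the per-user (HKU) .msc handler key is the precursor to the bypass."""
    target = ev.get("target_object", "").lower()
    return target.startswith("hku\\") and MSC_HANDLER_FRAGMENT in target


def detect(events: Iterable[Dict[str, str]]) -> List[Dict[str, str]]:
    """Return one finding per matching event, tagged with the condition it matched."""
    findings: List[Dict[str, str]] = []
    for ev in events:
        if is_suspicious_process(ev):
            findings.append({**ev, "reason": "eventvwr_child_not_mmc"})
        elif is_suspicious_registry(ev):
            findings.append({**ev, "reason": "mscfile_handler_modified"})
    return findings


def correlate(findings: Iterable[Dict[str, str]]) -> Dict[Tuple[str, str], str]:
    """Group findings by (host, user); registry write plus spawn is high confidence."""
    reasons = defaultdict(set)
    for f in findings:
        reasons[(f["host"], f["user"])].add(f["reason"])
    return {key: ("high" if len(r) == 2 else "medium") for key, r in reasons.items()}


if __name__ == "__main__":
    hits = detect(SAMPLE_EVENTS)
    for h in hits:
        print(h["source"], h["host"], h["user"], h["reason"])
    for (host, user), confidence in correlate(hits).items():
        print(f"{host} {user}: {confidence}")
```

In production the correlation window would also be bounded in time (the registry write normally precedes the spawn by seconds), and the benign mmc.exe child should still be recorded for context rather than dropped.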
Categories
- Windows
- Endpoint
Data Sources
- Windows Registry
- Process
- Logon Session
ATT&CK Techniques
- T1548.002
- T1548
Created: 2024-11-13