
Summary
This detection rule identifies when an application is removed or uninstalled on a Windows host through the Windows Management Instrumentation Command-line utility (Wmic.exe). It monitors process creation events whose image is Wmic.exe and whose command line contains both the keywords 'call' and 'uninstall', the pattern produced by invoking the Uninstall method of the WMI product class (for example wmic product where name="..." call uninstall). Such activity may indicate unauthorized or malicious software removal, for instance an attacker removing an endpoint agent or other control before continuing, and is worth investigating in environments where application integrity is paramount. Because administrators and software deployment tooling use the same syntax legitimately, expect benign matches and tune on the parent process, the originating user, and the product named in the WHERE clause. The rule relies on process creation logs that include the full command line (for example Sysmon Event ID 1, or Security Event ID 4688 with command-line auditing enabled); without the command line, the 'call' and 'uninstall' keywords cannot be observed and the rule will not fire.
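The matching logic described above, written out as an added Python example that is not part of the original rule or its source repository. It runs over a handful of constructed process-creation records (the paths, host name and product names are invented for illustration), normalizes the image name so path and case variations of Wmic.exe still match, requires 'call' and 'uninstall' as whole words so strings such as "callback" or "uninstaller.exe" do not trigger, and pulls the WQL filter out of the command line to enrich the alert:

```python
"""Toy detector for the Wmic.exe application-removal rule.

Matches process-creation events where the image is wmic.exe and the command
line carries both 'call' and 'uninstall'. Sample events are constructed for
this example and are not real telemetry.
"""
import re
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class ProcessEvent:
    """Minimal view of a process-creation record (e.g. Sysmon Event ID 1 / Security 4688)."""
    image: str          # full path of the new process
    command_line: str   # full command line as logged
    parent_image: str   # parent process path, useful for tuning out deployment tools


# Whole-word matches so 'callback' or 'uninstaller.exe' are not enough on their own.
CALL_RE = re.compile(r"\bcall\b", re.IGNORECASE)
UNINSTALL_RE = re.compile(r"\buninstall\b", re.IGNORECASE)
# Captures the WQL filter between 'where' and 'call uninstall' for alert enrichment.
TARGET_RE = re.compile(r"\bwhere\s+(.+?)\s+call\s+uninstall\b", re.IGNORECASE | re.DOTALL)


def image_name(path: str) -> str:
    """Return the lower-cased file name, tolerating either path separator."""
    return re.split(r"[\\/]", path)[-1].lower()


def is_wmic_uninstall(event: ProcessEvent) -> bool:
    """True when the event is wmic.exe running with both 'call' and 'uninstall'."""
    if image_name(event.image) != "wmic.exe":
        return False
    cl = event.command_line
    return bool(CALL_RE.search(cl) and UNINSTALL_RE.search(cl))


def extract_target(command_line: str) -> Optional[str]:
    """Return the WQL selector (e.g. name="Example Agent") named in the uninstall, if any."""
    m = TARGET_RE.search(command_line)
    return m.group(1).strip() if m else None


def detect(events: List[ProcessEvent]) -> List[ProcessEvent]:
    """Apply the rule to a batch of events and return the ones that match."""
    return [e for e in events if is_wmic_uninstall(e)]


# Constructed sample telemetry: two true positives, three events that must not match.
SAMPLE_EVENTS = [
    ProcessEvent(r"C:\Windows\System32\wbem\WMIC.exe",
                 r'wmic product where name="Example Agent" call uninstall /nointeractive',
                 r"C:\Windows\System32\cmd.exe"),
    ProcessEvent(r"C:\Windows\System32\wbem\wmic.exe",
                 r'''WMIC.exe /node:HOST01 product where "name like '%Example%'" call uninstall''',
                 r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"),
    ProcessEvent(r"C:\Windows\System32\wbem\wmic.exe",
                 r'wmic process call create "notepad.exe"',   # 'call' without 'uninstall'
                 r"C:\Windows\System32\cmd.exe"),
    ProcessEvent(r"C:\Windows\System32\wbem\wmic.exe",
                 r"wmic product get name,version",            # enumeration only
                 r"C:\Windows\explorer.exe"),
    ProcessEvent(r"C:\Windows\System32\msiexec.exe",
                 r"msiexec.exe /x {00000000-0000-0000-0000-000000000000} /qn",  # not wmic.exe
                 r"C:\Windows\System32\cmd.exe"),
]


if __name__ == "__main__":
    for hit in detect(SAMPLE_EVENTS):
        print(f"ALERT parent={image_name(hit.parent_image)} "
              f"target={extract_target(hit.command_line)!r} cmd={hit.command_line!r}")
```

The whole-word regexes are a design choice: a plain substring check on 'call' and 'uninstall' is closer to how many rule languages express this, but it also fires on unrelated tokens. The parent image is carried through so an analyst can whitelist known deployment tooling without loosening the core match.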
Categories
- Windows
- Endpoint
Data Sources
- Process
ATT&CK Techniques
- T1047
Created: 2022-01-28