This detection rule identifies the use of the `rclone.exe` command-line tool, particularly focusing on specific arguments that indicate file transfer activities. Adversaries frequently use `rclone`, especially during ransomware attacks, for data exfiltration purposes. By monitoring command-line executions and process details via Endpoint Detection and Response (EDR) systems, this rule aims to detect potentially unauthorized data transfers. If the detection confirms malicious activity, immediate isolation of the affected endpoint is advised, followed by thorough investigation to avert possible data breaches.