
Disable Important Scheduled Task

Sigma Rules

Summary
This detection rule identifies attempts to disable critical scheduled tasks with the command-line tool schtasks.exe, an action that removes a system's ability to recover or defend itself. The rule looks for process creation of schtasks.exe with a command line that combines the '/Change', '/TN' and '/disable' parameters (schtasks accepts its switches in any letter case, so matching must be case-insensitive) with a task name belonging to a protected Windows component such as BitLocker, Windows Defender or System Restore. Disabling these tasks does not deny service to the machine; it neutralizes backup, recovery and protection mechanisms, which is why the activity maps to T1490 (Inhibit System Recovery) and is rated high severity. Adversaries typically do this ahead of data destruction or ransomware deployment, or to evade detection before continuing an intrusion. Two practical caveats: administrators and management tooling can legitimately disable the same tasks, so alerts should be reviewed against the parent process and the account involved; and because the rule only covers schtasks.exe, the same outcome reached through the PowerShell Disable-ScheduledTask cmdlet or the Task Scheduler API needs separate coverage.
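The following Python is an added illustration of the detection logic described above, not the Sigma rule itself or code from the rule's authors. It applies the same parameter and task-name conditions, case-insensitively, to a handful of constructed process-creation events (the concrete task paths under \Microsoft\Windows\ are illustrative assumptions, as is the event format) and extracts the /TN value for alert enrichment.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Fragments of task names treated as protected. The page names BitLocker,
# Windows Defender and System Restore; the concrete paths below are
# illustrative assumptions, matched case-insensitively as substrings.
PROTECTED_TASK_FRAGMENTS = (
    "\\windows\\systemrestore\\sr",
    "\\windows\\windows defender\\",
    "\\windows\\bitlocker",
)

# Switches whose joint presence signals a state change to "disabled".
REQUIRED_ARGS = ("/change", "/tn", "/disable")


@dataclass
class ProcessEvent:
    """Minimal process-creation record (Sysmon EID 1 / Security 4688 style); assumed shape."""
    image: str
    command_line: str


# /TN value, either "quoted" (may contain spaces) or a bare token.
_TN_RE = re.compile(r'/tn\s+(?:"([^"]+)"|(\S+))', re.IGNORECASE)


def task_name(command_line: str) -> Optional[str]:
    """Return the /TN argument for alert enrichment, or None if absent."""
    m = _TN_RE.search(command_line)
    if m is None:
        return None
    return m.group(1) if m.group(1) is not None else m.group(2)


def is_disable_important_task(event: ProcessEvent) -> bool:
    """Core of the detection: schtasks.exe changing a protected task to disabled.

    schtasks parses its switches case-insensitively, so everything is lowered
    before comparison; /CHANGE, /Disable and /disable must all match.
    """
    if not event.image.lower().endswith("\\schtasks.exe"):
        return False
    cl = event.command_line.lower()
    if not all(arg in cl for arg in REQUIRED_ARGS):
        return False
    return any(fragment in cl for fragment in PROTECTED_TASK_FRAGMENTS)


def scan(events: List[ProcessEvent]) -> List[dict]:
    """Run the rule over a batch of events and return enriched hits."""
    hits = []
    for ev in events:
        if is_disable_important_task(ev):
            hits.append({"image": ev.image, "task": task_name(ev.command_line)})
    return hits


# Constructed sample events; not real telemetry.
SAMPLE_EVENTS = [
    ProcessEvent(
        "C:\\Windows\\System32\\schtasks.exe",
        'schtasks.exe /Change /TN "\\Microsoft\\Windows\\SystemRestore\\SR" /Disable',
    ),
    ProcessEvent(
        "C:\\Windows\\System32\\schtasks.exe",
        'SCHTASKS /CHANGE /TN "\\Microsoft\\Windows\\Windows Defender\\Windows Defender Scheduled Scan" /DISABLE',
    ),
    # Re-enabling a task is not what the rule is looking for.
    ProcessEvent(
        "C:\\Windows\\System32\\schtasks.exe",
        'schtasks.exe /Change /TN "\\Microsoft\\Windows\\SystemRestore\\SR" /Enable',
    ),
    # Creating a new task is a different technique and a different rule.
    ProcessEvent(
        "C:\\Windows\\System32\\schtasks.exe",
        'schtasks.exe /Create /TN "\\Updater" /TR C:\\Temp\\u.exe /SC MINUTE',
    ),
    # Same outcome via the PowerShell cmdlet; this rule only covers schtasks.exe.
    ProcessEvent(
        "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
        'powershell.exe -c "Disable-ScheduledTask -TaskPath \\Microsoft\\Windows\\SystemRestore\\ -TaskName SR"',
    ),
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_EVENTS):
        print(hit)
```

Only the first two events fire; the third (re-enable), fourth (task creation) and fifth (PowerShell cmdlet) do not, which makes the rule's coverage boundary explicit: the cmdlet case is exactly the gap a second rule has to close.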
Categories
  • Windows
  • Endpoint
Data Sources
  • Process
ATT&CK Techniques
  • T1490
Created: 2021-12-26