
Summary
This analytic detection rule identifies attempts to bypass User Account Control (UAC) through the loading of unsigned dynamic link libraries (DLLs) by the Microsoft Management Console application (mmc.exe). Using Sysmon EventCode 7 (image load) events, the rule captures instances where mmc.exe loads an unsigned DLL that was not produced by Microsoft. Attackers use this method by altering CLSID registry entries so that the system loads a malicious DLL, in an attempt to gain elevated privileges. Such actions are critical because they can allow an attacker to execute arbitrary code with higher privileges, leading to significant system compromise. The rule includes specific logging criteria to ensure accurate detection and advises on the implementation requirements for effective use.
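As an added illustration that is not part of the rule's own content, the following Python applies the rule's filter (EventCode 7, loading process mmc.exe, DLL unsigned, signer not Microsoft) to a few constructed Sysmon records. The field names Image, ImageLoaded, Signed and Signature follow Sysmon's image-load event schema; the log lines themselves are fabricated for the example.

```python
import re

# Constructed sample Sysmon records in the key=value form a SIEM typically
# indexes. These are not real telemetry; paths and signers are made up.
SAMPLE_EVENTS = [
    'EventCode=7 Image="C:\\Windows\\System32\\mmc.exe" ImageLoaded="C:\\Windows\\System32\\mmcbase.dll" Signed="true" Signature="Microsoft Windows" SignatureStatus="Valid"',
    'EventCode=7 Image="C:\\Windows\\System32\\mmc.exe" ImageLoaded="C:\\Users\\Public\\helper.dll" Signed="false" Signature="-" SignatureStatus="Unavailable"',
    'EventCode=7 Image="C:\\Windows\\System32\\notepad.exe" ImageLoaded="C:\\Users\\Public\\helper.dll" Signed="false" Signature="-" SignatureStatus="Unavailable"',
    'EventCode=1 Image="C:\\Windows\\System32\\mmc.exe" CommandLine="mmc.exe"',
    'EventCode=7 Image="C:\\Windows\\System32\\mmc.exe" ImageLoaded="C:\\Tools\\vendor.dll" Signed="true" Signature="Example Vendor" SignatureStatus="Valid"',
]

# Matches either key="quoted value" or key=bareword, in that order.
FIELD_RE = re.compile(r'(\w+)="([^"]*)"|(\w+)=(\S+)')


def parse_event(line):
    """Parse one key=value log line into a dict of field -> value."""
    fields = {}
    for m in FIELD_RE.finditer(line):
        key = m.group(1) or m.group(3)
        val = m.group(2) if m.group(2) is not None else m.group(4)
        fields[key] = val
    return fields


def is_suspicious_mmc_load(ev):
    """Rule logic: an image-load event where mmc.exe loaded a DLL that is
    unsigned and whose signer field does not name Microsoft."""
    if ev.get("EventCode") != "7":
        return False
    if not ev.get("Image", "").lower().endswith("\\mmc.exe"):
        return False
    signed = ev.get("Signed", "").lower() == "true"
    signer = ev.get("Signature", "").lower()
    return (not signed) and ("microsoft" not in signer)


def detect(lines):
    """Return the ImageLoaded path of every record that matches the rule."""
    return [parse_event(l)["ImageLoaded"] for l in lines
            if is_suspicious_mmc_load(parse_event(l))]


if __name__ == "__main__":
    for path in detect(SAMPLE_EVENTS):
        print("suspicious DLL loaded by mmc.exe:", path)
```

Note that the signed-but-non-Microsoft vendor DLL in the last sample line is deliberately not flagged, matching the rule's "unsigned" criterion; a tighter variant could also alert on invalid signatures.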
Categories
- Endpoint
Data Sources
- Pod
- Windows Registry
- Process
- Image
ATT&CK Techniques
- T1548.002
- T1548
- T1218.014
Created: 2024-11-13