
Potential Rcdll.DLL Sideloading

Sigma Rules

Summary
This detection rule identifies potential DLL sideloading attempts involving the rcdll.dll file on Windows systems. DLL sideloading is a technique attackers use to make a legitimate process load a malicious DLL, effectively bypassing security measures. The detection strategy matches image-load events whose loaded image ends with 'rcdll.dll' and filters out the known legitimate paths, which typically fall under Microsoft Visual Studio and Windows Kits. When rcdll.dll is loaded from a path outside those filtered locations, the rule triggers, indicating a potential security incident that warrants further investigation. The rule is assigned high severity because such loads can be associated with privilege escalation and defense evasion.
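The following is an added example that re-implements the detection logic described in the summary and runs it over constructed image-load events; it is not the rule's own source. The exact filter paths of the real rule are not given on this page, so the two path fragments and the sample events below are assumptions.

```python
# Added example: a minimal re-implementation of the rule's logic described above.
# Not the rule's source. The exact allow-listed paths are not on this page; the
# fragments below are assumptions that follow the summary's wording.
from typing import Dict, Iterable, List

# Assumed legitimate locations for rcdll.dll (Visual Studio and Windows Kits).
LEGIT_PATH_FRAGMENTS = ("\\microsoft visual studio\\", "\\windows kits\\")


def is_suspicious_load(image_loaded: str) -> bool:
    """True when the loaded image is rcdll.dll and its path is not under one of
    the expected Visual Studio / Windows Kits locations."""
    # Normalise case and separators so mixed-case or forward-slash paths match.
    path = image_loaded.replace("/", "\\").lower()
    if not path.endswith("\\rcdll.dll"):
        return False
    return not any(frag in path for frag in LEGIT_PATH_FRAGMENTS)


def detect(events: Iterable[Dict[str, str]]) -> List[Dict[str, str]]:
    """Apply the rule to image-load events that carry an 'ImageLoaded' field
    (the field name follows Sysmon Event ID 7; events are constructed here)."""
    return [e for e in events if is_suspicious_load(e.get("ImageLoaded", ""))]


# Constructed sample events (paths and process names are made up for the demo).
SAMPLE_EVENTS = [
    {"Image": r"C:\Program Files\Microsoft Visual Studio\2022\Community\rc.exe",
     "ImageLoaded": r"C:\Program Files\Microsoft Visual Studio\2022\Community\rcdll.dll"},
    {"Image": r"C:\Program Files (x86)\Windows Kits\10\bin\x64\rc.exe",
     "ImageLoaded": r"C:\Program Files (x86)\Windows Kits\10\bin\x64\rcdll.dll"},
    {"Image": r"C:\Users\Public\rc.exe",
     "ImageLoaded": r"C:\Users\Public\rcdll.dll"},
    {"Image": r"C:\Windows\System32\notepad.exe",
     "ImageLoaded": r"C:\Windows\System32\ntdll.dll"},
]

if __name__ == "__main__":
    for hit in detect(SAMPLE_EVENTS):
        print("ALERT rcdll.dll loaded from unexpected path:", hit["ImageLoaded"])
```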
Categories
  • Windows
  • Endpoint
Data Sources
  • Image
Created: 2023-03-13