
Summary
This detection rule identifies potentially malicious BITS (Background Intelligent Transfer Service) jobs that save files with suspicious extensions on a Windows system. The rule monitors Event ID 16403, which BITS generates when a new transfer job is created. The detection focuses on jobs whose saved file carries an extension commonly associated with malicious activity: scripts and executables such as .bat, .dll, .exe, .hta, .ps1, .psd1, .sh, .vbe, and .vbs. The rule also includes optional filters that scrutinize local paths containing 'AppData' and remote file names containing '.com', narrowing the context of the transfer to reduce false positives, since these file types are sometimes downloaded legitimately. Adapt the rule to the environment in which it is deployed to avoid flagging legitimate transfers as threats.
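The following added example (not the rule's own code, nor code from any Sigma or SIEM project) applies the logic described above to constructed BITS-Client event records. The field names LocalName and RemoteName, the key=value log format, and the treatment of the optional filter as an exclusion that applies only when both the 'AppData' and '.com' conditions hold are assumptions made for the example; the Event ID and extension list come from the rule summary.

```python
"""Apply the BITS suspicious-extension detection to constructed log lines.

Added example; not the detection rule's own implementation.
"""
import re
from typing import Dict, List, Optional

# Event ID the rule monitors (new BITS transfer job), taken from the summary.
NEW_TRANSFER_JOB_EVENT_ID = 16403

# Extensions the rule treats as suspicious when they terminate the saved file name.
SUSPICIOUS_EXTENSIONS = (
    ".bat", ".dll", ".exe", ".hta", ".ps1", ".psd1", ".sh", ".vbe", ".vbs",
)

# Constructed sample log lines. The key="value" layout and the field names
# LocalName / RemoteName are assumptions for this example; the hosts, paths
# and addresses are made up (203.0.113.0/24 is a documentation range).
SAMPLE_LOG_LINES = [
    'EventID=16403 LocalName="C:\\Users\\alice\\AppData\\Local\\Temp\\update.exe" '
    'RemoteName="https://updates.example.com/update.exe"',
    'EventID=16403 LocalName="C:\\Windows\\Temp\\stage1.ps1" '
    'RemoteName="http://203.0.113.10/stage1.ps1"',
    'EventID=16403 LocalName="C:\\Users\\bob\\Downloads\\report.pdf" '
    'RemoteName="https://files.example.org/report.pdf"',
    # Same suspicious file, but not a new-job event: the rule ignores it.
    'EventID=16402 LocalName="C:\\Windows\\Temp\\tool.exe" '
    'RemoteName="http://203.0.113.10/tool.exe"',
]

_FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_event_line(line: str) -> Dict[str, str]:
    """Parse one key=value line into a dict (quoted or bare values)."""
    return {key: quoted if quoted != "" else bare
            for key, quoted, bare in _FIELD_RE.findall(line)}


def has_suspicious_extension(local_name: str) -> bool:
    """Case-insensitive check, since NTFS paths are case-insensitive."""
    return local_name.lower().endswith(SUSPICIOUS_EXTENSIONS)


def matches_optional_filter(event: Dict[str, str]) -> bool:
    """Assumed exclusion: a job writing under AppData from a '.com' remote.

    This models the summary's optional filters as one combined exclusion
    for legitimate updaters; tune it to the deployment environment.
    """
    local = event.get("LocalName", "").lower()
    remote = event.get("RemoteName", "").lower()
    return "appdata" in local and ".com" in remote


def evaluate(event: Dict[str, str], apply_optional_filter: bool = True) -> bool:
    """Return True when the event matches the detection."""
    try:
        event_id = int(event.get("EventID", ""))
    except ValueError:
        return False
    if event_id != NEW_TRANSFER_JOB_EVENT_ID:
        return False
    if not has_suspicious_extension(event.get("LocalName", "")):
        return False
    if apply_optional_filter and matches_optional_filter(event):
        return False
    return True


def find_hits(lines: List[str], apply_optional_filter: bool = True) -> List[str]:
    """Return the LocalName of every line that triggers the detection."""
    hits: List[str] = []
    for line in lines:
        event = parse_event_line(line)
        if evaluate(event, apply_optional_filter):
            hits.append(event["LocalName"])
    return hits


if __name__ == "__main__":
    for hit in find_hits(SAMPLE_LOG_LINES):
        print("suspicious BITS transfer:", hit)
```

With the optional filter enabled, only the stage1.ps1 download from the bare IP is reported; the AppData update.exe from a '.com' host is suppressed. Disabling the filter (`find_hits(SAMPLE_LOG_LINES, apply_optional_filter=False)`) reports both, which is the trade-off the summary describes when it recommends tuning the filters per environment.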
Categories
- Windows
- Endpoint
Data Sources
- Process
- File
- Logon Session
ATT&CK Techniques
- T1197
Created: 2022-03-01