
Summary
This detection rule monitors writes to the PONT_STRING registry value under Outlook's Options subkey in the current-user hive. Modifying this value suppresses certain Outlook dialog prompts, which lets a malicious script or binary drive Outlook (for example, to read the mailbox or enumerate addresses) without the warning that would otherwise alert the user. The rule reads registry events from the Endpoint.Registry datamodel, populated here by Sysmon EventID 13 (RegistryEvent: Value Set), and flags any write to PONT_STRING whose originating process is not the legitimate Outlook executable. Such modifications are a recurring artifact of malware infections, particularly families that harvest email data. Because the rule's only discriminator is the writing process, analysts should triage hits on the full image path and parent process rather than the file name alone: a renamed binary in a user-writable directory should not be excluded as Outlook, while Office installers or administrative scripts may occasionally set the value legitimately. Surfacing these writes early gives administrators a chance to act before the suppressed prompts are abused.
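The following Python is an added example, not the rule's own SPL or any code from the Splunk content it summarizes. It reproduces the detection logic over a few constructed Sysmon Event ID 13 records: match the PONT_STRING value under an Office version's Outlook\Options subkey, then flag writers that are not Outlook. Assumptions: the full value path `...\Software\Microsoft\Office\<ver>\Outlook\Options\...\PONT_STRING` (the page only says "under the Outlook Options"), Outlook's install location under `Program Files\Microsoft Office`, and the sample events themselves, all of which are made up for illustration.

```python
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List

# Sysmon Event ID 13 is RegistryEvent (Value Set): the event that fires when a
# value such as PONT_STRING is written. Event ID 12 (key create/delete) and
# 14 (rename) are not what this rule is about.
SYSMON_REGISTRY_VALUE_SET = 13

# Assumed full path of the watched value. The Office version segment (15.0,
# 16.0, ...) varies, and the value may sit directly under Options or in a
# subkey, so both are accepted. Sysmon reports HKCU paths as HKU\<SID>\...
PONT_STRING_RE = re.compile(
    r"\\Software\\Microsoft\\Office\\\d+\.\d+\\Outlook\\Options\\"
    r"(?:[^\\]+\\)*PONT_STRING$",
    re.IGNORECASE,
)

# Assumed allowlist: Outlook itself, and only when it runs from its install
# directory. Matching the full path (not the basename) means a binary named
# outlook.exe dropped in Downloads or Temp is still flagged.
EXPECTED_WRITER_RE = re.compile(
    r"^[A-Za-z]:\\Program Files( \(x86\))?\\Microsoft Office\\"
    r"(?:[^\\]+\\)*OUTLOOK\.EXE$",
    re.IGNORECASE,
)


@dataclass
class Finding:
    host: str
    user: str
    image: str
    target_object: str
    details: str


def is_pont_string_write(event: Dict[str, object]) -> bool:
    """True if the event is a Sysmon value-set on a PONT_STRING value."""
    if event.get("EventID") != SYSMON_REGISTRY_VALUE_SET:
        return False
    return PONT_STRING_RE.search(str(event.get("TargetObject", ""))) is not None


def is_expected_writer(image: str) -> bool:
    """True if the writing process is Outlook running from its install path."""
    return EXPECTED_WRITER_RE.match(image) is not None


def detect(events: Iterable[Dict[str, object]]) -> List[Finding]:
    """Apply the rule: PONT_STRING writes by anything other than Outlook."""
    findings: List[Finding] = []
    for ev in events:
        if not is_pont_string_write(ev):
            continue
        image = str(ev.get("Image", ""))
        if is_expected_writer(image):
            continue
        findings.append(
            Finding(
                host=str(ev.get("Computer", "")),
                user=str(ev.get("User", "")),
                image=image,
                target_object=str(ev.get("TargetObject", "")),
                details=str(ev.get("Details", "")),
            )
        )
    return findings


# Constructed sample events in the shape of Sysmon's EventData fields.
_OPTIONS = r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Office\16.0\Outlook\Options"
SAMPLE_EVENTS: List[Dict[str, object]] = [
    # Outlook from its install directory: expected writer, not flagged.
    {"EventID": 13, "Computer": "WS01", "User": "CORP\\alice",
     "Image": r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE",
     "TargetObject": _OPTIONS + r"\General\PONT_STRING", "Details": "32,"},
    # Unsigned dropper in Temp suppressing the prompt: flagged.
    {"EventID": 13, "Computer": "WS01", "User": "CORP\\alice",
     "Image": r"C:\Users\alice\AppData\Local\Temp\update.exe",
     "TargetObject": _OPTIONS + r"\General\PONT_STRING", "Details": "32,"},
    # Masquerading binary named outlook.exe outside Program Files: flagged.
    {"EventID": 13, "Computer": "WS02", "User": "CORP\\bob",
     "Image": r"C:\Users\bob\Downloads\outlook.exe",
     "TargetObject": _OPTIONS + r"\General\PONT_STRING", "Details": "32,"},
    # Key creation (Event ID 12) under Options: out of scope for this rule.
    {"EventID": 12, "Computer": "WS02", "User": "CORP\\bob",
     "Image": r"C:\Windows\regedit.exe",
     "TargetObject": _OPTIONS + r"\General", "Details": ""},
    # Some other Outlook option written by a script: different value, ignored.
    {"EventID": 13, "Computer": "WS03", "User": "CORP\\carol",
     "Image": r"C:\Windows\System32\reg.exe",
     "TargetObject": _OPTIONS + r"\Mail\Signatures", "Details": ""},
]

if __name__ == "__main__":
    for f in detect(SAMPLE_EVENTS):
        print(f"{f.host} {f.user} {f.image} -> {f.target_object} = {f.details!r}")
```

The exclusion is deliberately on the full image path rather than on `outlook.exe` as a file name; the page does not say how the original rule expresses its Outlook exclusion, so treat that choice as this example's own.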
Categories
- Windows
- Endpoint
Data Sources
- Pod
- Windows Registry
- Process
ATT&CK Techniques
- T1112
- T1562
Created: 2025-09-08