
Summary
This detection rule identifies instances where a Windows Chromium-based browser process (such as Chrome, Brave, Opera, Vivaldi, or Edge) is started with the `--disable-popup-blocking` command-line flag. The flag disables the browser's built-in pop-up blocker, which can allow malicious actors to carry out unwanted activity without the user's consent. In legitimate scenarios the flag is typically seen in automated testing environments; when it appears together with other suspicious parameters, however, it can signal malicious intent, so hits warrant thorough investigation. The analytic leverages multiple data sources, including Sysmon and Windows Event Logs, to track these process-creation events and detect possible threats to endpoint security.
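The matching logic described above, as an added example that is not part of the original rule: it evaluates Sysmon Event ID 1 / Security 4688-style process-creation events (field names `Image`, `CommandLine`, `ParentImage` are assumed), matches the Chromium browser executables named in the summary, and raises severity when the flag appears alongside other automation switches. The `ESCALATING_FLAGS` set and the sample events are constructed for illustration; the page itself does not list which parameters count as suspicious.

```python
from dataclasses import dataclass, field

# Process names of the Chromium-based browsers named in the rule summary.
CHROMIUM_BROWSERS = {"chrome.exe", "brave.exe", "opera.exe", "vivaldi.exe", "msedge.exe"}
TARGET_FLAG = "--disable-popup-blocking"
# Assumed: real Chromium switches that, next to the target flag, raise severity.
# The page does not enumerate these; adjust to local baselines.
ESCALATING_FLAGS = {"--headless", "--disable-web-security", "--load-extension"}

@dataclass
class Finding:
    image: str
    parent: str
    severity: str
    extra_flags: list = field(default_factory=list)

def _basename(path: str) -> str:
    # Normalise Windows paths and compare executables case-insensitively.
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()

def _switches(command_line: str) -> list:
    # Chromium switches are whitespace-separated "--name" or "--name=value" tokens.
    return [tok.split("=", 1)[0].lower() for tok in command_line.split() if tok.startswith("--")]

def evaluate(event: dict):
    """Return a Finding for a process-creation event, or None when it does not match."""
    if _basename(event.get("Image", "")) not in CHROMIUM_BROWSERS:
        return None
    switches = _switches(event.get("CommandLine", ""))
    if TARGET_FLAG not in switches:
        return None
    extra = sorted(set(switches) & ESCALATING_FLAGS)
    severity = "high" if extra else "medium"
    return Finding(_basename(event["Image"]), _basename(event.get("ParentImage", "")), severity, extra)

# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    {"Image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "CommandLine": r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-popup-blocking --headless=new https://example.invalid',
     "ParentImage": r"C:\Windows\System32\cmd.exe"},
    {"Image": r"C:\Program Files\Microsoft\Edge\Application\msedge.exe",
     "CommandLine": r'"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --disable-popup-blocking',
     "ParentImage": r"C:\Users\tester\selenium\driver.exe"},
    {"Image": r"C:\Program Files\Mozilla Firefox\firefox.exe",  # not Chromium: must not match
     "CommandLine": r'"C:\Program Files\Mozilla Firefox\firefox.exe" --disable-popup-blocking',
     "ParentImage": r"C:\Windows\explorer.exe"},
]

def run(events=SAMPLE_EVENTS) -> list:
    return [f for f in map(evaluate, events) if f is not None]

if __name__ == "__main__":
    for finding in run():
        print(finding)
```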
Categories
- Endpoint
- Windows
Data Sources
- Pod
- Process
- Windows Registry
ATT&CK Techniques
- T1497
Created: 2026-01-23