
Summary
This rule detects security-relevant modifications to Internet Explorer's ZoneMap settings, specifically changes that map the HTTP and HTTPS protocols to the My Computer zone. With that mapping in place, files downloaded from the Internet are handled with the same trust as files stored locally, which is a significant security risk: an attacker who achieves this change can have malicious files fetched from the web run as if they came from a legitimate local source. Detection works by monitoring process command line arguments that reference the Windows registry key for Internet settings, looking for writes that set a ZoneMap ProtocolDefaults value for HTTP traffic to 0 (the My Computer zone), which lowers the zone's security level. An alert is raised when such a command pattern appears in the system logs, so security teams can promptly investigate a potential breach or unauthorized change.
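The detection logic described above, written out as an added Python example that is not part of the original rule: it scans a handful of constructed process-creation events and flags `reg.exe` command lines that write a ProtocolDefaults value for `http` or `https` under the ZoneMap key with zone data 0. The registry path and the meaning of zone 0 (My Computer) are standard Windows facts; the event layout and sample command lines are constructed for the example, and the function names are this example's own.

```python
import re
from dataclasses import dataclass

# Zone identifiers used by the IE/WinINet URL security zone model.
MY_COMPUTER_ZONE = 0
INTERNET_ZONE = 3  # the normal default for http/https

# The key path is HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults
# (or the HKLM equivalent); matching on the suffix covers both hives.
ZONEMAP_KEY_RE = re.compile(r"Internet Settings\\ZoneMap\\ProtocolDefaults", re.IGNORECASE)
# reg.exe switches: /v <value name>, /d <data>; quotes around either are optional.
VALUE_RE = re.compile(r'/v\s+"?(https?)"?(?=\s|$)', re.IGNORECASE)
DATA_RE = re.compile(r'/d\s+"?([0-9a-fx]+)"?(?=\s|$)', re.IGNORECASE)


@dataclass
class Alert:
    protocol: str
    zone: int
    command_line: str


def parse_zone(token):
    """Interpret REG_DWORD data as reg.exe would: decimal or 0x-prefixed hex."""
    try:
        return int(token, 0)          # handles "0", "3", "0x0"
    except ValueError:
        try:
            return int(token, 10)     # handles zero-padded decimal such as "00"
        except ValueError:
            return None


def inspect_command_line(cmdline):
    """Return an Alert if the command line maps http/https to the My Computer zone."""
    if not ZONEMAP_KEY_RE.search(cmdline):
        return None
    value = VALUE_RE.search(cmdline)
    data = DATA_RE.search(cmdline)
    if not value or not data:
        return None
    zone = parse_zone(data.group(1))
    if zone != MY_COMPUTER_ZONE:
        return None
    return Alert(protocol=value.group(1).lower(), zone=zone, command_line=cmdline)


def scan_events(events):
    """Run the check over process-creation events (dicts with a CommandLine field)."""
    alerts = []
    for event in events:
        alert = inspect_command_line(event.get("CommandLine", ""))
        if alert:
            alerts.append(alert)
    return alerts


# Constructed sample events (hypothetical, for illustration only).
KEY = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults"
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\reg.exe",
     "CommandLine": f'reg add "{KEY}" /v http /t REG_DWORD /d 0 /f'},        # downgrade: alert
    {"Image": r"C:\Windows\System32\reg.exe",
     "CommandLine": f'reg add "{KEY}" /v https /t REG_DWORD /d 0x0 /f'},     # hex form: alert
    {"Image": r"C:\Windows\System32\reg.exe",
     "CommandLine": f'reg add "{KEY}" /v http /t REG_DWORD /d 3 /f'},        # restores default: no alert
    {"Image": r"C:\Windows\System32\reg.exe",
     "CommandLine": r'reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion" /v ProductName'},
    {"Image": r"C:\Windows\System32\reg.exe",
     "CommandLine": r'reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\example.com" /v http /t REG_DWORD /d 2 /f'},
]

if __name__ == "__main__":
    for alert in scan_events(SAMPLE_EVENTS):
        print(f"ALERT: {alert.protocol} mapped to zone {alert.zone}: {alert.command_line}")
```

Matching on the `ProtocolDefaults` key suffix and the decoded DWORD (rather than the literal text `/d 0`) keeps the check hive-independent and catches the hex spelling of zero, while a write that restores the Internet zone (3) stays quiet. In a real pipeline the same check would also be applied to PowerShell registry cmdlets and to registry-write telemetry, since the rule's data sources include the registry itself and not only process command lines.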
Categories
- Windows
- Endpoint
Data Sources
- Windows Registry
- Process
Created: 2023-09-05