
Stop Windows Service Via Sc.EXE

Sigma Rules

Summary
This detection rule monitors Windows hosts for instances where the `sc.exe` utility is used to stop services. `sc.exe` (Service Control) is a command-line utility that lets administrators manage Windows services. While stopping a service is often a routine administrative task, attackers also stop services to disrupt them in pursuit of their objectives, which makes the activity worth detecting. The rule matches process events in which the executable is `sc.exe` and the command line contains 'stop'. It does not assess the context or motive behind the stop, so false positives are expected, because legitimate administrative stops are common. Users of this rule should correlate its hits with other alerting systems before treating them as threats.
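The matching logic described above, reproduced as an added example that is not part of the rule page or the Sigma project itself. It applies the two conditions the summary names (image is `sc.exe`, command line contains 'stop') to a handful of constructed process-creation events, and adds a triage helper that pulls out the service named after a literal `stop` verb so a substring hit such as a service called "StopwatchSvc" can be separated from a genuine stop request during correlation. The field names `Image` and `CommandLine` follow the usual process-creation convention and are an assumption; the sample events and service names are constructed.

```python
"""Added example: matcher for the "sc.exe with 'stop' in the command line"
detection, plus a triage helper. Illustrative code, not the Sigma rule itself.
Field names Image/CommandLine are assumed; sample events are constructed."""
import shlex
from typing import Optional

# Constructed sample process-creation events (not real telemetry).
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\sc.exe", "CommandLine": "sc.exe stop Spooler"},
    # sc.exe accepts an optional \\server argument before the verb.
    {"Image": r"C:\Windows\System32\sc.exe", "CommandLine": r"sc \\FILESRV01 STOP ExampleSvc"},
    # Contains the substring 'stop' but is not a stop request (expected false positive).
    {"Image": r"C:\Windows\System32\sc.exe", "CommandLine": "sc query StopwatchSvc"},
    # Stops a service, but not via sc.exe, so this rule does not cover it.
    {"Image": r"C:\Windows\System32\cmd.exe", "CommandLine": 'cmd.exe /c "net stop Spooler"'},
    {"Image": r"C:\Windows\System32\sc.exe", "CommandLine": "sc.exe start Spooler"},
]


def matches_rule(event: dict) -> bool:
    """The rule as described on the page: the image ends with \\sc.exe and
    'stop' appears anywhere in the command line (case-insensitive substring)."""
    image = event.get("Image", "").lower()
    command_line = event.get("CommandLine", "").lower()
    return image.endswith("\\sc.exe") and "stop" in command_line


def extract_stop_target(command_line: str) -> Optional[str]:
    """Return the service name passed to a literal `stop` verb, or None.

    A command line that merely contains 'stop' (e.g. a service named
    StopwatchSvc queried with `sc query`) yields None; that is how a substring
    hit is told apart from a real stop request during triage."""
    tokens = shlex.split(command_line, posix=False)  # posix=False keeps backslashes intact
    args = tokens[1:]  # drop the program token (sc or sc.exe)
    if args and args[0].startswith("\\\\"):
        args = args[1:]  # remote form: sc \\host stop <service>
    if len(args) >= 2 and args[0].lower() == "stop":
        return args[1]
    return None


def triage(events: list) -> list:
    """Apply the rule and annotate each hit with the extracted target (or None)."""
    return [
        {"CommandLine": e["CommandLine"], "StopTarget": extract_stop_target(e["CommandLine"])}
        for e in events
        if matches_rule(e)
    ]


if __name__ == "__main__":
    for hit in triage(SAMPLE_EVENTS):
        print(hit)
```

Running the block yields three hits out of the five constructed events: the two real stop requests (targets `Spooler` and `ExampleSvc`) and the `sc query StopwatchSvc` substring match, whose `StopTarget` is `None`. The `net stop` event is not a hit, which illustrates that this rule only covers stops issued through `sc.exe`.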
Categories
  • Windows
  • Endpoint
Data Sources
  • Process
Created: 2023-03-05