UAC Bypass Using IEInstal - Process

Summary
This detection rule identifies potential User Account Control (UAC) bypass attempts that abuse the Internet Explorer installer executable 'IEInstal.exe'. It targets process creation events in which the new process runs at an integrity level that is suspicious in this context (High, System, or the corresponding integrity SID levels) and either originates from 'IEInstal.exe' or has an image path containing 'consent.exe' whose parent context indicates execution from a temporary directory inside the user's profile. The rule matters because UAC bypass techniques are commonly used by attackers to escalate privileges on Windows systems.
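The selection logic the summary describes, written out as an added example that evaluates process-creation events; this is illustrative code, not the Sigma rule itself or any project's code. It assumes Sysmon/Sigma field names (Image, ParentImage, IntegrityLevel), reads "temporary directory within user space" as the per-user %LOCALAPPDATA%\Temp folder, treats the summary's conditions as one combined selection that must all hold, and uses the well-known Windows mandatory-label SIDs for High (S-1-16-12288) and System (S-1-16-16384) integrity as the "specific integrity SID levels". The function name and the sample events are constructed for the example.

```python
"""Evaluate Windows process-creation events against the IEInstal UAC-bypass
pattern described in the summary.

Example code added to illustrate the detection logic; it is not the Sigma
rule's own code.  The events below are constructed samples, not telemetry."""

import ntpath

# Integrity levels the summary lists as suspicious for this pattern.  The two
# SIDs are the Windows mandatory-label SIDs for High and System integrity.
SUSPICIOUS_INTEGRITY = {"High", "System", "S-1-16-12288", "S-1-16-16384"}


def _lower(value) -> str:
    """Case-fold a possibly missing string field."""
    return (value or "").lower()


def in_user_temp(path: str) -> bool:
    """True if the path lies under a per-user temp directory.

    Assumption of this example: "temporary directory within user space" is
    read as %LOCALAPPDATA%\\Temp, i.e. ...\\AppData\\Local\\Temp\\..."""
    return "\\appdata\\local\\temp\\" in _lower(path)


def matches_ieinstal_uac_bypass(event: dict) -> bool:
    """Return True when a process_creation event matches the pattern.

    All four conditions must hold (the example treats the summary's criteria
    as a single combined selection; that is an assumption of the example):
      * parent image is IEInstal.exe
      * child image name ends with consent.exe
      * child image lives under the user's temp directory
      * child runs at a suspicious integrity level
    """
    parent = _lower(event.get("ParentImage"))
    image = _lower(event.get("Image"))
    level = event.get("IntegrityLevel", "")

    parent_is_ieinstal = ntpath.basename(parent) == "ieinstal.exe"
    image_is_consent = image.endswith("consent.exe")

    return (
        parent_is_ieinstal
        and image_is_consent
        and in_user_temp(image)
        and level in SUSPICIOUS_INTEGRITY
    )


# Constructed sample events (not real logs).  Index 0 and 3 should match;
# index 1 is the legitimate consent.exe launched by the system, index 2 is the
# same paths at Medium integrity, which the pattern does not flag.
SAMPLE_EVENTS = [
    {"Image": r"C:\Users\alice\AppData\Local\Temp\consent.exe",
     "ParentImage": r"C:\Program Files\Internet Explorer\IEInstal.exe",
     "IntegrityLevel": "High"},
    {"Image": r"C:\Windows\System32\consent.exe",
     "ParentImage": r"C:\Windows\System32\svchost.exe",
     "IntegrityLevel": "System"},
    {"Image": r"C:\Users\alice\AppData\Local\Temp\consent.exe",
     "ParentImage": r"C:\Program Files\Internet Explorer\IEInstal.exe",
     "IntegrityLevel": "Medium"},
    {"Image": r"C:\Users\alice\AppData\Local\Temp\consent.exe",
     "ParentImage": r"C:\Program Files\Internet Explorer\IEInstal.exe",
     "IntegrityLevel": "S-1-16-12288"},
]


def scan(events) -> list:
    """Return the indices of events that match the pattern."""
    return [i for i, ev in enumerate(events) if matches_ieinstal_uac_bypass(ev)]


if __name__ == "__main__":
    for i in scan(SAMPLE_EVENTS):
        ev = SAMPLE_EVENTS[i]
        print(f"ALERT event[{i}]: {ev['ParentImage']} -> {ev['Image']} "
              f"({ev['IntegrityLevel']})")
```

The second sample event is the important negative case: consent.exe is a legitimate Windows binary that normally runs from System32 at System integrity, so matching on the image name alone would be noisy; requiring the unusual parent and the user-writable temp location is what keeps the pattern specific.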
Categories
  • Windows
  • Endpoint
Data Sources
  • Process
  • Logon Session
Created: 2021-08-30