
PUA - Advanced Port Scanner Execution

Sigma Rules

Summary
This rule detects execution of Advanced Port Scanner, a freely available Windows network scanner that enumerates live hosts and open ports. It is classed as a potentially unwanted application (PUA): administrators run it legitimately, but it is also a common discovery tool for an intruder who already has a foothold. Detection works on Windows process-creation events (for example Sysmon Event ID 1, or Security Event ID 4688 with command-line logging enabled) and uses two selections: an image-based selection that checks the process image path and the PE original file name for the scanner's name, and a command-line selection that looks for the flags the tool uses when run as a portable copy. The condition is a logical OR: either selection on its own raises the alert. The image path catches the installed product; the original-file-name check still fires when the binary has been renamed, because that field comes from the executable's version resource rather than from the path; and the command-line selection covers a portable copy whose version information has been stripped. Documented false positives are legitimate administrative use and the rare tool that happens to use the same command-line flags, so a hit should be triaged against who ran the tool, from where, and against which targets rather than treated as a confirmed intrusion.
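The following is an added example, not the rule's own YAML or anything from SigmaHQ, showing how the two selections described above combine over process-creation events. The field names follow the Sysmon convention (Image, OriginalFileName, CommandLine), the substring markers and the two portable-mode flags are assumptions derived from the summary, and the sample events are constructed, not real telemetry. Sigma string matching is case-insensitive, which the helper reproduces.

```python
"""Evaluate the two selections of the Advanced Port Scanner rule over sample events."""

# Assumed patterns (reconstructed from the rule summary, not copied from the rule):
IMAGE_MARKER = "\\advanced_port_scanner"      # substring of the installed image path
ORIGNAME_MARKER = "advanced_port_scanner"     # substring of the PE OriginalFileName
PORTABLE_FLAGS = ("/portable", "/lng")        # both must appear on the command line

# Constructed process-creation events in Sysmon Event ID 1 style. Not real logs.
SAMPLE_EVENTS = [
    {   # installed product launched from its default directory
        "Image": r"C:\Program Files (x86)\Advanced Port Scanner\advanced_port_scanner.exe",
        "OriginalFileName": "advanced_port_scanner.exe",
        "CommandLine": r'"C:\Program Files (x86)\Advanced Port Scanner\advanced_port_scanner.exe"',
    },
    {   # renamed binary: path no longer matches, version resource still does
        "Image": r"C:\Users\alice\Downloads\scanner.exe",
        "OriginalFileName": "advanced_port_scanner.exe",
        "CommandLine": r'"C:\Users\alice\Downloads\scanner.exe"',
    },
    {   # renamed and version info stripped: only the portable-mode flags remain
        "Image": r"C:\Users\alice\Downloads\update.exe",
        "OriginalFileName": "",
        "CommandLine": r'"C:\Users\alice\Downloads\update.exe" /portable "C:\Users\alice\Downloads" /lng en_us',
    },
    {   # benign: an unrelated process whose argument merely contains the word "portable"
        "Image": r"C:\Windows\System32\notepad.exe",
        "OriginalFileName": "NOTEPAD.EXE",
        "CommandLine": r'"C:\Windows\System32\notepad.exe" C:\notes\portable-apps.txt',
    },
    {   # false-positive class from the rule documentation: another tool using the same flags
        "Image": r"C:\Tools\othertool.exe",
        "OriginalFileName": "othertool.exe",
        "CommandLine": r'"C:\Tools\othertool.exe" /portable /lng de',
    },
]


def sigma_contains(value: str, needle: str) -> bool:
    """Sigma 'contains' modifier: case-insensitive substring test on a single field."""
    return needle.lower() in (value or "").lower()


def selection_img(event: dict) -> bool:
    """Image-based selection: either the image path or the PE original file name matches."""
    return (sigma_contains(event.get("Image", ""), IMAGE_MARKER)
            or sigma_contains(event.get("OriginalFileName", ""), ORIGNAME_MARKER))


def selection_cli(event: dict) -> bool:
    """Command-line selection: all portable-mode flags present ('contains|all' semantics)."""
    cmdline = event.get("CommandLine", "")
    return all(sigma_contains(cmdline, flag) for flag in PORTABLE_FLAGS)


def fired_selections(event: dict) -> tuple:
    """Return the names of the selections that matched; empty tuple means no alert."""
    names = []
    if selection_img(event):
        names.append("selection_img")
    if selection_cli(event):
        names.append("selection_cli")
    return tuple(names)


def evaluate(events: list) -> list:
    """Apply the rule condition (OR of both selections) and report matches for triage.

    Each result records which selection fired, because a command-line-only hit
    is exactly the case the documented false positives fall into and deserves
    a closer look at the image and its publisher before escalation.
    """
    results = []
    for index, event in enumerate(events):
        fired = fired_selections(event)
        if fired:
            results.append({"index": index, "image": event.get("Image", ""), "selections": fired})
    return results


if __name__ == "__main__":
    for hit in evaluate(SAMPLE_EVENTS):
        print(f"event {hit['index']}: {hit['image']} -> {', '.join(hit['selections'])}")
```

Running the block flags events 0 and 1 through the image selection, events 2 and 4 through the command-line selection only, and leaves the notepad event alone; event 4 is the kind of hit the false-positive note refers to, and the per-selection output makes it easy to route command-line-only matches to a second check.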
Categories
  • Endpoint
  • Windows
Data Sources
  • Process
Created: 2021-12-18