
Summary
This detection rule monitors for deletion of the Raccine Rules Updater scheduled task via the `schtasks.exe` command, using data from Endpoint Detection and Response (EDR) agents, specifically process names and command-line executions. Deleting this task can indicate an adversary attempting to disable Raccine, a protective tool against ransomware; with Raccine removed, ransomware may execute unobstructed, encrypting data and causing potential loss. The detection uses logging from Sysmon EventID 1, Windows Event Log Security 4688, and CrowdStrike ProcessRollup2, and is implemented as a search query that looks for instances where `schtasks.exe` is used to delete tasks associated with Raccine.
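The matching logic the summary describes, run over a handful of constructed process-creation events, as an added illustration that is not the rule's own search query (the field names, the sample events and the exact command-line pattern are assumptions):

```python
import re

# Constructed process-creation events, shaped like a normalised Sysmon EventID 1
# or Security 4688 record (field names are assumptions, not the rule's schema).
SAMPLE_EVENTS = [
    {"process_name": "schtasks.exe",
     "process": 'schtasks.exe /Delete /TN "Raccine Rules Updater" /F',
     "parent_process_name": "cmd.exe", "dest": "ws01", "user": "CORP\\alice"},
    {"process_name": "schtasks.exe",
     "process": 'schtasks.exe /Create /TN "Backup" /TR backup.bat /SC DAILY',
     "parent_process_name": "cmd.exe", "dest": "ws01", "user": "CORP\\alice"},
    {"process_name": "schtasks.exe",
     "process": 'schtasks.exe /Delete /TN "Adobe Acrobat Update Task" /F',
     "parent_process_name": "msiexec.exe", "dest": "ws02", "user": "SYSTEM"},
    {"process_name": "powershell.exe",
     "process": 'powershell.exe -c "Unregister-ScheduledTask Raccine"',
     "parent_process_name": "explorer.exe", "dest": "ws03", "user": "CORP\\bob"},
]

# schtasks accepts /delete in any letter case; require it as a standalone switch.
DELETE_FLAG = re.compile(r"(?<![\w-])/delete\b", re.IGNORECASE)


def is_raccine_task_deletion(event: dict) -> bool:
    """True when schtasks.exe is used to delete a task associated with Raccine."""
    name = event.get("process_name", "").lower()
    cmd = event.get("process", "")
    if not name.endswith("schtasks.exe"):
        return False
    return bool(DELETE_FLAG.search(cmd)) and "raccine" in cmd.lower()


def find_raccine_task_deletions(events):
    """Return matching events reduced to the fields an analyst would triage."""
    return [
        {k: e.get(k) for k in ("dest", "user", "parent_process_name", "process")}
        for e in events if is_raccine_task_deletion(e)
    ]


if __name__ == "__main__":
    for hit in find_raccine_task_deletions(SAMPLE_EVENTS):
        print("ALERT Raccine scheduled task deleted:", hit)
```

Note that the last sample event removes the task through PowerShell rather than `schtasks.exe` and is deliberately not matched, which shows the scope of this rule as described above.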
Categories
- Endpoint
- Windows
Data Sources
- Windows Registry
- Process
- Application Log
ATT&CK Techniques
- T1562.001
Created: 2024-12-10