
Summary
This analytic rule, "Office Product Spawning Windows Script Host," detects Office applications (Word, Excel and similar) spawning the Windows Script Host executables WScript.exe or CScript.exe. That process lineage is rarely legitimate and is a common sign of a malicious document: a macro or embedded object launched from a phishing attachment uses the script host to run the next stage of a malware delivery chain. The detection relies on process-creation telemetry from Endpoint Detection and Response (EDR) agents, matching events in which a common Office application is the parent of a script host process. The rule has been deprecated in favor of a newer, more comprehensive analytic, but it remains a useful reference for this specific attack vector in the Microsoft Office suite. By reviewing the process details an alert carries (parent image, command line, user and host), security teams can identify unauthorized script execution early and respond before it leads to malware installation or data exfiltration.
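The matching logic the rule describes, written out as an added example in Python rather than the rule's own search language, and run over constructed process-creation events (none of this is code from the original detection). The list of Office parent executables beyond Word and Excel, and the event field names, are assumptions made for illustration.

```python
# Added example, not the rule's own search logic: a minimal matcher for the
# parent/child pairing the rule describes, run over constructed
# process-creation events. The Office parent list and the event field names
# are assumptions made for illustration.
import ntpath
from dataclasses import dataclass
from typing import Iterable, List

# Assumed parent set. The page names Word and Excel "etc."; the others are
# common Office executables added here to illustrate the pattern.
OFFICE_PARENTS = {
    "winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe",
    "onenote.exe", "visio.exe", "mspub.exe",
}
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}


@dataclass(frozen=True)
class ProcessEvent:
    """Constructed process-creation event with EDR-style fields."""
    host: str
    user: str
    parent_image: str
    image: str
    command_line: str


def image_name(path: str) -> str:
    # EDR telemetry usually carries full paths in mixed case; compare on the
    # lower-cased file name only so C:\...\WINWORD.EXE matches winword.exe.
    return ntpath.basename(path).lower()


def is_office_spawning_wsh(ev: ProcessEvent) -> bool:
    """True when an Office process is the direct parent of wscript/cscript."""
    return (image_name(ev.parent_image) in OFFICE_PARENTS
            and image_name(ev.image) in SCRIPT_HOSTS)


def detect(events: Iterable[ProcessEvent]) -> List[ProcessEvent]:
    """Return the events an analyst would be alerted on."""
    return [ev for ev in events if is_office_spawning_wsh(ev)]


# Constructed sample telemetry: two true positives, two benign lineages.
SAMPLE_EVENTS = [
    ProcessEvent("WS01", "CORP\\alice",
                 r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
                 r"C:\Windows\System32\wscript.exe",
                 r'wscript.exe //e:vbscript "C:\Users\alice\AppData\Local\Temp\inv.txt"'),
    ProcessEvent("WS01", "CORP\\alice",
                 r"C:\Windows\explorer.exe",
                 r"C:\Windows\System32\wscript.exe",
                 r'wscript.exe "C:\Scripts\logon.vbs"'),
    ProcessEvent("WS02", "CORP\\bob",
                 r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
                 r"C:\Windows\SysWOW64\cscript.exe",
                 r'cscript.exe /nologo "C:\Users\bob\AppData\Roaming\update.js"'),
    ProcessEvent("WS02", "CORP\\bob",
                 r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
                 r"C:\Windows\splwow64.exe",
                 r"C:\Windows\splwow64.exe 12288"),
]


if __name__ == "__main__":
    for hit in detect(SAMPLE_EVENTS):
        print(f"{hit.host} {hit.user}: {image_name(hit.parent_image)} -> "
              f"{image_name(hit.image)} | {hit.command_line}")
```

The matcher only looks at the direct parent, which is what the rule describes; a script host started by an intermediate process (for example an Office child that in turn launches cmd.exe) would need a deeper ancestry check. Comparing on the lower-cased file name rather than the full path keeps the match stable across Office install locations and 32-bit/64-bit script host paths, at the cost of also matching a renamed copy placed elsewhere, which is usually the desired behavior for this pattern.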
Categories
- Endpoint
- Windows
Data Sources
- Pod
- User Account
- Process
- Windows Registry
ATT&CK Techniques
- T1566 (Phishing)
- T1566.001 (Spearphishing Attachment)
- T1566.002 (Spearphishing Link)
Created: 2025-01-13