
Summary
This rule detects execution of the PDQ Deploy remote administration tool, which is commonly used for software deployment and system management in Windows environments. The detection keys on attributes of the PDQ Deploy Console and of the PDQ Deploy product itself: when a process creation event carries a description or file name matching PDQ Deploy, the rule logs the activity. Its purpose is to surface unauthorized or suspicious use of the tool, which attackers can leverage for lateral movement within a network. False positives are expected during legitimate administrative actions, so additional context and verification (for example, which host and account launched the console) are needed to separate routine administration from potential malicious activity.
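The following is an added illustration of the matching logic the summary describes, run over constructed process-creation events; it is not the rule's own selectors or code from the rule author. The field names (Description, Product, Image), the executable file-name pattern, the sample paths, and the approved-host and approved-account lists are assumptions made for this example, and the triage step shows one way to attach the context the summary says is needed to handle false positives.

```python
# Added example: PDQ Deploy process-creation matcher with a simple triage step.
# Field names, file-name markers, sample events and allow-lists are assumptions
# constructed for this illustration, not the rule's own definitions.

# Values the rule keys on, per the summary: the console's description and the product name.
DESCRIPTION_MARKERS = ("pdq deploy console", "pdq deploy")
PRODUCT_MARKERS = ("pdq deploy",)
# Assumed file-name marker (e.g. a PDQDeployConsole.exe-style binary); not from the rule.
FILENAME_MARKERS = ("pdqdeploy",)

# Constructed sample process-creation events (Sysmon Event ID 1 style fields).
SAMPLE_EVENTS = [
    {"EventID": 1, "Computer": "admin-ws01", "User": "CORP\\deployadmin",
     "Image": "C:\\Program Files\\PDQ Deploy\\PDQDeployConsole.exe",
     "Description": "PDQ Deploy Console", "Product": "PDQ Deploy"},
    {"EventID": 1, "Computer": "fin-laptop07", "User": "CORP\\jsmith",
     "Image": "C:\\Users\\jsmith\\AppData\\Local\\Temp\\svc.exe",
     "Description": "PDQ Deploy Console", "Product": "PDQ Deploy"},
    {"EventID": 1, "Computer": "fin-laptop07", "User": "CORP\\jsmith",
     "Image": "C:\\Windows\\System32\\notepad.exe",
     "Description": "Notepad", "Product": "Microsoft Windows Operating System"},
    {"EventID": 1, "Computer": "admin-ws01", "User": "CORP\\deployadmin",
     "Image": "D:\\tools\\pdqdeploy\\PDQDeploy.exe",
     "Description": "", "Product": ""},
]

# Assumed allow-list of where the console is expected to run and who may run it.
APPROVED_CONSOLE_HOSTS = {"admin-ws01"}
APPROVED_DEPLOY_ADMINS = {"corp\\deployadmin"}


def file_name(image: str) -> str:
    """Return the base file name of an Image path, accepting either separator."""
    return image.replace("/", "\\").rsplit("\\", 1)[-1]


def matches_pdq_deploy(event: dict) -> bool:
    """True when a process-creation event's description, product or file name matches PDQ Deploy."""
    if event.get("EventID") != 1:
        return False
    desc = event.get("Description", "").lower()
    product = event.get("Product", "").lower()
    name = file_name(event.get("Image", "")).lower()
    return (any(m in desc for m in DESCRIPTION_MARKERS)
            or any(m in product for m in PRODUCT_MARKERS)
            or any(m in name for m in FILENAME_MARKERS))


def triage(events):
    """Apply the rule to every event; tag hits 'expected' (approved host and account) or 'review'."""
    findings = []
    for ev in events:
        if not matches_pdq_deploy(ev):
            continue
        expected = (ev.get("Computer", "").lower() in APPROVED_CONSOLE_HOSTS
                    and ev.get("User", "").lower() in APPROVED_DEPLOY_ADMINS)
        findings.append({
            "host": ev.get("Computer", ""),
            "user": ev.get("User", ""),
            "image": ev.get("Image", ""),
            "verdict": "expected" if expected else "review",
        })
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_EVENTS):
        print(f"{f['verdict']:8} {f['host']:12} {f['user']:18} {f['image']}")
```

Every hit is still recorded, as the rule intends; the verdict only tells an analyst which hits already fit the known administrative pattern and which, like a PDQ Deploy-described binary launched from a user's Temp folder on a non-admin workstation, warrant a closer look.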
Categories
- Endpoint
- Windows
Data Sources
- Process
ATT&CK Techniques
- T1072
Created: 2022-10-01