
Summary
This detection rule identifies potential User Account Control (UAC) bypass attempts that abuse the Microsoft System Configuration tool (msconfig). It matches process-creation events in which msconfig is started at an elevated integrity level, the parent image is 'pkgmgr.exe' located in the user's Temp directory, and the command line invokes msconfig directly with the '-5' parameter. Together these conditions flag unauthorized or malicious attempts to exploit UAC handling on Windows systems. The rule is based on the technique documented as UACMe method 55, which describes privilege escalation and defense evasion through a msconfig GUI modification. This detection therefore helps recognize behavior associated with advanced persistent threats (APTs) that aim to bypass Windows security mechanisms.
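The following is an added example, not part of the original rule page, showing how the conditions described above can be evaluated over process-creation telemetry. The sample events are constructed for illustration (Sysmon/4688-style field names such as Image, ParentImage, CommandLine and IntegrityLevel are assumed), and the example treats 'High' and 'System' as the elevated integrity levels and '\AppData\Local\Temp\' as the user's Temp directory; both are assumptions, since the summary does not spell them out.

```python
import re
from typing import Dict, List

# Constructed sample process-creation events (illustrative values, not real telemetry).
SAMPLE_EVENTS: List[Dict[str, str]] = [
    {   # matches the rule: elevated msconfig -5 spawned by pkgmgr.exe in the user's Temp dir
        "Image": r"C:\Windows\System32\msconfig.exe",
        "CommandLine": r'"C:\Windows\System32\msconfig.exe" -5',
        "ParentImage": r"C:\Users\alice\AppData\Local\Temp\pkgmgr.exe",
        "IntegrityLevel": "High",
    },
    {   # benign: a user opens msconfig from Explorer, no -5 switch, wrong parent
        "Image": r"C:\Windows\System32\msconfig.exe",
        "CommandLine": r'"C:\Windows\System32\msconfig.exe"',
        "ParentImage": r"C:\Windows\explorer.exe",
        "IntegrityLevel": "High",
    },
    {   # pkgmgr.exe parent in Temp, but medium integrity and no -5 switch: not the pattern
        "Image": r"C:\Windows\System32\msconfig.exe",
        "CommandLine": r'"C:\Windows\System32\msconfig.exe"',
        "ParentImage": r"C:\Users\alice\AppData\Local\Temp\pkgmgr.exe",
        "IntegrityLevel": "Medium",
    },
]

# Assumption: these integrity levels are what "elevated" means for this rule.
ELEVATED_LEVELS = {"high", "system"}

# Assumption: the user's Temp directory is %LOCALAPPDATA%\Temp; match pkgmgr.exe only there.
TEMP_PKGMGR = re.compile(r"\\appdata\\local\\temp\\pkgmgr\.exe$", re.IGNORECASE)


def is_msconfig_uac_bypass(event: Dict[str, str]) -> bool:
    """Return True when a process-creation event satisfies every condition of the rule."""
    image = event.get("Image", "").lower()
    if not image.endswith("\\msconfig.exe"):
        return False
    if event.get("IntegrityLevel", "").lower() not in ELEVATED_LEVELS:
        return False
    if not TEMP_PKGMGR.search(event.get("ParentImage", "")):
        return False
    # Require "-5" as a standalone argument rather than a substring of some other token.
    args = event.get("CommandLine", "").split()
    return "-5" in args


def scan(events: List[Dict[str, str]]) -> List[int]:
    """Return the indexes of events that trigger the rule."""
    return [i for i, ev in enumerate(events) if is_msconfig_uac_bypass(ev)]


if __name__ == "__main__":
    for idx in scan(SAMPLE_EVENTS):
        ev = SAMPLE_EVENTS[idx]
        print(f"ALERT event {idx}: {ev['ParentImage']} -> {ev['CommandLine']} [{ev['IntegrityLevel']}]")
```

Each condition is checked independently so that a single missing element (a non-elevated token, a different parent, or no '-5' switch) does not fire the rule; in production the same logic would typically be expressed as a Sigma or EDR query, but the field-by-field evaluation above mirrors what that query has to assert.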
Categories
- Windows
- Endpoint
Data Sources
- Process
Created: 2021-08-30