
Summary
The rule titled 'Remote Access Tool - NetSupport Execution' detects execution of the NetSupport Remote Control application, a legitimate remote access tool that adversaries can abuse to establish a command and control (C2) channel inside a target environment. Adversaries favour such tools because their processes and network traffic blend in with legitimate administrative activity, so security controls that permit the application do not flag them. The detection criteria target file names and product attributes associated with NetSupport, a remote desktop product from NetSupport Ltd: the rule alerts on processes whose metadata matches descriptions such as 'NetSupport Client Configurator' and the original file name 'PCICFGUI.EXE'.

The rule is particularly useful in environments where remote access tools are commonplace and are not malicious by default. Detecting unauthorized use of a tool like NetSupport still matters, because it can facilitate advanced persistent threats (APTs) and unauthorized access to sensitive networks.
Categories
- Endpoint
- Windows
Data Sources
- Process
ATT&CK Techniques
- T1219
Created: 2022-09-25