
Summary
This detection rule identifies modifications to the Windows Registry that disable the Folder Options feature. Such modifications prevent users from viewing hidden files and file extensions, two settings that malware frequently abuses to obscure its files and presence. The rule specifically monitors changes to the registry path associated with Folder Options, in particular the "NoFolderOptions" value being set to "0x00000001". Monitoring this registry key matters for system transparency and security: if users cannot see hidden files, it becomes easier for attackers to conceal malicious software. The detection leverages Sysmon EventID 12 and EventID 13 for monitoring, providing an alert against an evasion technique often employed by malicious software.
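The following Python snippet shows the detection logic described above run over a handful of constructed Sysmon registry events. It is an added example, not code from the rule's authors: the events, SIDs, image paths and hive prefixes are made up, the "Policies\Explorer\NoFolderOptions" path suffix is assumed as the location of the value, and the "DWORD (0x00000001)" rendering follows the Sysmon Details field format. EventID 13 (value set to 1) is reported with high confidence; EventID 12 (the value being created, which carries no data yet) is reported as low-confidence context.

```python
import re
from typing import Dict, List, Optional

# Constructed sample Sysmon registry events (not captured from a real host).
# EventID 12 = registry object added/deleted, EventID 13 = registry value set.
# Field names follow Sysmon's event schema; SIDs, paths and images are made up.
SAMPLE_EVENTS: List[Dict[str, str]] = [
    {"EventID": "13", "EventType": "SetValue",
     "Image": r"C:\Users\alice\AppData\Local\Temp\updater.exe",
     "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions",
     "Details": "DWORD (0x00000001)"},
    {"EventID": "13", "EventType": "SetValue",
     "Image": r"C:\Windows\explorer.exe",
     "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
     "Details": "DWORD (0x00000002)"},
    {"EventID": "13", "EventType": "SetValue",
     "Image": r"C:\Windows\System32\gpupdate.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions",
     "Details": "DWORD (0x00000000)"},
    {"EventID": "12", "EventType": "CreateValue",
     "Image": r"C:\Windows\regedit.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions",
     "Details": ""},
]

# Assumed location of the value: the Explorer policy key, which can live under
# HKLM or a user hive (Sysmon reports user hives as HKU\<SID>\...). Matching on
# the trailing path keeps the rule hive-agnostic.
NOFOLDEROPTIONS_RE = re.compile(r"\\Policies\\Explorer\\NoFolderOptions$", re.IGNORECASE)

# Sysmon renders DWORD data in the Details field as "DWORD (0x00000001)";
# tolerate any number of leading zeros so 0x1 and 0x00000001 both match.
DISABLE_RE = re.compile(r"^DWORD\s*\(\s*0x0*1\s*\)$", re.IGNORECASE)


def classify(event: Dict[str, str]) -> Optional[str]:
    """Return "high" for NoFolderOptions set to 1 (EventID 13), "low" for the
    value merely being created (EventID 12), or None if the event is unrelated."""
    if not NOFOLDEROPTIONS_RE.search(event.get("TargetObject", "")):
        return None
    if event.get("EventID") == "13" and DISABLE_RE.match(event.get("Details", "").strip()):
        return "high"
    if event.get("EventID") == "12" and event.get("EventType") == "CreateValue":
        return "low"
    # A set to 0 (re-enabling Folder Options) or a deletion is not an alert.
    return None


def detect_folder_options_disabled(events: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Run the rule over a batch of events and return one alert per hit,
    preserving the order of the input stream."""
    alerts = []
    for ev in events:
        confidence = classify(ev)
        if confidence:
            alerts.append({
                "confidence": confidence,
                "image": ev.get("Image", ""),
                "target": ev.get("TargetObject", ""),
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_folder_options_disabled(SAMPLE_EVENTS):
        print(f"[{alert['confidence']}] {alert['image']} -> {alert['target']}")
```

Of the four sample events, only the Temp-directory binary setting the value to 1 produces a high-confidence alert; the explorer.exe change to an unrelated value and the gpupdate.exe write of 0 are ignored, and the regedit.exe creation of the value is kept as low-confidence context for triage.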
Categories
- Endpoint
Data Sources
- Pod
- Windows Registry
ATT&CK Techniques
- T1562.001
- T1562
Created: 2024-12-08