
Summary
This detection rule identifies potential abuse of the Secure Copy Protocol (SCP) on macOS systems, specifically the use of SCP to bypass the privacy controls enforced by Full Disk Access settings. The rule targets behavior where the scp command is used to copy files locally by connecting through localhost (127.0.0.1), which can indicate an attempt to access sensitive data without authorization. It specifically looks for SCP invocations that include the argument 'StrictHostKeyChecking=no' and are executed under certain conditions, while excluding benign cases related to Vagrant. The associated risk score of 73 reflects a significant threat level, given the implications of unauthorized data access in macOS environments. The rule comes with setup instructions for Elastic Defend and highlights key investigation steps for distinguishing legitimate use from potential compromise.
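As an added illustration of the logic described above (not the rule's own query, and not code from Elastic), the following applies the same three conditions to constructed process events: the process is scp, its arguments disable StrictHostKeyChecking, a copy operand points at localhost, and Vagrant-driven invocations are excluded. The event field names are an assumption modelled on endpoint process telemetry.

```python
from dataclasses import dataclass
from typing import List

# Constructed sample telemetry (not real events); field names are an assumption
# modelled on endpoint process events, not the rule's own query language.
@dataclass
class ProcessEvent:
    name: str              # process.name
    args: List[str]        # process.args, argv[0] included
    parent_name: str = ""  # process.parent.name

LOCAL_TARGETS = {"127.0.0.1", "localhost", "::1"}

def _targets_localhost(arg: str) -> bool:
    """True for an scp operand of the form [user@]host:path whose host is local."""
    if arg.startswith("-") or ":" not in arg:
        return False
    if "]:" in arg:                      # bracketed IPv6 literal, e.g. [::1]:/path
        userhost = arg.split("]:", 1)[0] + "]"
    else:
        userhost = arg.split(":", 1)[0]
    host = userhost.rsplit("@", 1)[-1].strip("[]")
    return host.lower() in LOCAL_TARGETS

def matches_scp_localhost_bypass(ev: ProcessEvent) -> bool:
    """scp run with StrictHostKeyChecking=no, copying via localhost, not driven by Vagrant."""
    if ev.name != "scp":
        return False
    joined = " ".join(ev.args).lower()
    # Option may arrive as "-o StrictHostKeyChecking=no" or fused "-oStrictHostKeyChecking=no"
    if "stricthostkeychecking=no" not in joined:
        return False
    if not any(_targets_localhost(a) for a in ev.args):
        return False
    # Benign exclusion named by the rule: Vagrant-orchestrated scp
    if "vagrant" in joined or "vagrant" in ev.parent_name.lower():
        return False
    return True

def scan(events: List[ProcessEvent]) -> List[ProcessEvent]:
    """Return the events that should raise an alert."""
    return [e for e in events if matches_scp_localhost_bypass(e)]

SAMPLE_EVENTS = [  # constructed: two hits, one Vagrant exclusion, one ordinary remote copy
    ProcessEvent("scp", ["scp", "-o", "StrictHostKeyChecking=no", "127.0.0.1:/Users/alice/Documents/notes.txt", "/tmp/n.txt"], "bash"),
    ProcessEvent("scp", ["scp", "-oStrictHostKeyChecking=no", "-r", "alice@[::1]:~/Desktop", "/tmp/d"], "zsh"),
    ProcessEvent("scp", ["scp", "-o", "StrictHostKeyChecking=no", "127.0.0.1:/tmp/f", "/tmp/g"], "vagrant"),
    ProcessEvent("scp", ["scp", "report.pdf", "build@10.0.0.5:/srv/in/"], "bash"),
]
```

Running `scan(SAMPLE_EVENTS)` returns only the first two events; the third is suppressed by the Vagrant exclusion and the fourth never touches localhost.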
Categories
- macOS
- Endpoint
Data Sources
- Process
- File
- User Account
ATT&CK Techniques
- T1548
Created: 2020-01-11