
Suspicious Execution of InstallUtil Without Log

Sigma Rules

Summary
This detection rule identifies potentially malicious use of InstallUtil.exe, a .NET Framework tool normally used to install and uninstall Windows services. It targets executions of InstallUtil.exe whose command line suppresses the tool's own logging, a tactic attackers use to leave fewer traces. The rule monitors process creation events for InstallUtil.exe invoked with arguments that disable logging, namely '/logfile= ' (an empty log file name, so no log file is written) together with '/LogToConsole=false' (no output to the console), and flags such executions as a possible attempt to install or run a harmful service quietly. The technique is a known defense-evasion pattern and a reason to watch process creation logs on Windows systems closely.
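The following is an added example of the detection logic the summary describes, written as a small Python matcher rather than as the page's own Sigma rule. It assumes Sysmon-style process creation events with `Image` and `CommandLine` fields (the usual Sigma process_creation field names); the sample events are constructed here to exercise the rule, including a benign InstallUtil run and a non-InstallUtil process carrying the same switches. Matching is case-insensitive, as Sigma's `contains` is on Windows, and both switches must be present, as the summary states.

```python
"""Flag InstallUtil.exe executions whose command line suppresses logging.

Added example, not the page's Sigma rule. Field names follow the Sysmon /
Sigma process_creation convention (assumption); sample events are constructed.
"""
from dataclasses import dataclass
from typing import Dict, List

# Both markers must appear in the command line. The trailing space after
# '/logfile=' is deliberate: it matches an empty log file name, not
# '/logfile=some.log', which would still produce a log.
NO_LOG_MARKERS = ("/logfile= ", "/logtoconsole=false")


@dataclass(frozen=True)
class ProcessEvent:
    image: str
    command_line: str


def parse_event(record: str) -> ProcessEvent:
    """Parse a 'Key: value' block (Sysmon event text style, constructed here)."""
    fields: Dict[str, str] = {}
    for line in record.strip().splitlines():
        key, _, value = line.partition(": ")  # command lines may contain ':'
        fields[key.strip()] = value.strip()
    return ProcessEvent(fields.get("Image", ""), fields.get("CommandLine", ""))


def is_installutil(image: str) -> bool:
    """True when the executable's file name is InstallUtil.exe (any path)."""
    return image.lower().rsplit("\\", 1)[-1] == "installutil.exe"


def suppresses_logging(command_line: str) -> bool:
    """True when both no-logging switches are present (case-insensitive)."""
    lowered = command_line.lower()
    return all(marker in lowered for marker in NO_LOG_MARKERS)


def matches(event: ProcessEvent) -> bool:
    """The rule's selection: InstallUtil.exe AND logging suppressed."""
    return is_installutil(event.image) and suppresses_logging(event.command_line)


def find_matches(events: List[ProcessEvent]) -> List[ProcessEvent]:
    return [e for e in events if matches(e)]


# Constructed sample events (not real telemetry).
SAMPLE_RECORDS = [
    # 0: ordinary service install, logging left enabled -> no alert
    "Image: C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\InstallUtil.exe\n"
    "CommandLine: InstallUtil.exe C:\\Services\\MyService.exe",
    # 1: both no-logging switches present -> alert
    "Image: C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\InstallUtil.exe\n"
    "CommandLine: InstallUtil.exe /logfile= /LogToConsole=false /U C:\\Users\\Public\\app.dll",
    # 2: same switches but a different binary -> no alert
    "Image: C:\\Windows\\System32\\cmd.exe\n"
    "CommandLine: cmd.exe /c echo /logfile= /LogToConsole=false",
    # 3: only one of the two switches -> no alert
    "Image: C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\InstallUtil.exe\n"
    "CommandLine: InstallUtil.exe /LogToConsole=false C:\\Services\\MyService.exe",
]
SAMPLE_EVENTS = [parse_event(r) for r in SAMPLE_RECORDS]


if __name__ == "__main__":
    for hit in find_matches(SAMPLE_EVENTS):
        print("ALERT InstallUtil without log:", hit.command_line)
```

Run as a script it prints one alert, for the second sample event. A real deployment would feed parsed Sysmon Event ID 1 (or Security 4688 with command-line auditing) records into `find_matches` and tune for any legitimate installers that genuinely pass both switches.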
Categories
  • Windows
  • Endpoint
Data Sources
  • Process
Created: 2022-01-23