
Summary
This detection rule identifies modifications to the Windows registry value that sets the Quick Scan Interval of Windows Defender, the setting that controls how often Defender runs a scheduled quick scan. The rule uses Sysmon Event ID 12 (registry key or value created or deleted) and Event ID 13 (registry value set) to capture writes to the relevant registry path. Changing or deleting this value alters how often quick scans run, which widens the window in which malware can operate before Defender examines the host; this is why the setting is a target for adversaries impairing defenses (T1562.001). Legitimate changes also occur when administrators or Group Policy apply scan settings, so analysts should confirm the writing process and the new value before treating a match as unauthorized.
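The matching logic described above, run over a handful of constructed Sysmon records, as an added example that is not part of the rule itself. It assumes the rule watches the policy value HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Scan\QuickScanInterval (the page does not name the path), that the "Process" data source means the writing process (Sysmon's Image field) is part of the alert, and that the allowlist parameter is a local tuning hook rather than something the rule defines. The sample events are made up for illustration and are not real telemetry.

```python
import re

# Added example, not the rule's own logic. Assumption: the rule watches the
# Group Policy value HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Scan\QuickScanInterval.
QUICK_SCAN_INTERVAL_RE = re.compile(
    r"\\Policies\\Microsoft\\Windows Defender\\Scan\\QuickScanInterval$",
    re.IGNORECASE,
)

# Sysmon registry events: 12 = key or value created/deleted, 13 = value set.
REGISTRY_EVENT_IDS = {12, 13}

# Sysmon renders a DWORD write in the Details field as "DWORD (0x00000000)".
DWORD_RE = re.compile(r"DWORD \((0x[0-9A-Fa-f]{8})\)")

# Constructed sample telemetry in Sysmon's field layout; none of this is real log data.
SAMPLE_EVENTS = [
    {"EventID": 13, "EventType": "SetValue", "Image": "C:\\Windows\\regedit.exe",
     "TargetObject": "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\\Scan\\QuickScanInterval",
     "Details": "DWORD (0x00000000)"},
    {"EventID": 12, "EventType": "DeleteValue", "Image": "C:\\Windows\\System32\\reg.exe",
     "TargetObject": "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\\Scan\\QuickScanInterval"},
    {"EventID": 13, "EventType": "SetValue", "Image": "C:\\Windows\\System32\\svchost.exe",
     "TargetObject": "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\\Scan\\QuickScanInterval",
     "Details": "DWORD (0x00000004)"},
    # Unrelated registry write: must not match.
    {"EventID": 13, "EventType": "SetValue", "Image": "C:\\Windows\\explorer.exe",
     "TargetObject": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Hidden",
     "Details": "DWORD (0x00000001)"},
    # Process-creation event (ID 1): wrong event type, must not match.
    {"EventID": 1, "Image": "C:\\Windows\\System32\\cmd.exe", "CommandLine": "cmd.exe /c whoami"},
]


def parse_dword(details):
    """Return the integer in a Sysmon 'DWORD (0x...)' Details string, or None."""
    if not details:
        return None
    m = DWORD_RE.search(details)
    return int(m.group(1), 16) if m else None


def matches_rule(event):
    """True when a Sysmon 12/13 event touches the QuickScanInterval value."""
    if event.get("EventID") not in REGISTRY_EVENT_IDS:
        return False
    return QUICK_SCAN_INTERVAL_RE.search(event.get("TargetObject", "")) is not None


def detect(events, allowlisted_images=()):
    """Run the rule over events and return one alert per match.

    allowlisted_images is a tuning hook (an assumption of this example, not part of
    the rule): on hosts where policy refresh legitimately rewrites the value, an
    operator may drop a confirmed benign writer after verifying it on that estate.
    """
    allowed = {img.lower() for img in allowlisted_images}
    alerts = []
    for ev in events:
        if not matches_rule(ev):
            continue
        image = ev.get("Image", "")
        if image.lower() in allowed:
            continue
        alerts.append({
            "technique": "T1562.001",
            "event_id": ev["EventID"],
            "action": ev.get("EventType", ""),
            "image": image,
            "target": ev["TargetObject"],
            "new_value": parse_dword(ev.get("Details")),  # None for deletes
        })
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

Each alert carries the writing process and the decoded new value, which is exactly what an analyst needs to separate a policy refresh from an attacker setting the interval to a value that effectively stops scheduled quick scans; a delete (Event ID 12) shows up with no value at all.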
Categories
- Endpoint
- Windows
Data Sources
- Windows Registry
- Process
ATT&CK Techniques
- T1562.001 (Impair Defenses: Disable or Modify Tools)
- T1562 (Impair Defenses)
Created: 2024-11-13