Windows Service Stop Via Net and SC Application

Splunk Security Content

Summary
This analytic detects the use of `net.exe` or `sc.exe` to stop services on Windows hosts, a behaviour commonly seen when an adversary disables security tooling or critical services before further activity such as ransomware deployment. The detection uses process-execution telemetry from Endpoint Detection and Response (EDR) agents, matching on the process name, process GUID and command-line arguments that indicate a service-stop request. Stopping services lets an attacker evade detection, disrupt operations and clear the way for follow-on attacks. This analytic is deprecated: it may no longer be maintained or effective as originally written, and it should be updated or migrated to a currently supported detection before relying on it.
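The detection logic described above, as an added example that is not part of the Splunk Security Content project or its SPL search: it runs the same process-name plus command-line check over a small set of constructed EDR process-creation events. The field names (`dest`, `user`, `process_name`, `process`, `parent_process_name`) are assumed to mirror the Endpoint.Processes data model, the inclusion of `net1.exe` (which `net.exe` hands the real work to) is an assumption beyond the page, and the events themselves are fabricated for the demonstration.

```python
import re

# Images that can issue a service-stop request. net1.exe is added on the
# assumption that net.exe delegates to it, so a single "net stop" yields
# two process-creation events (net.exe, then net1.exe as its child).
SERVICE_CONTROL_IMAGES = {"net.exe", "net1.exe", "sc.exe"}

# Constructed sample of EDR process-creation events (not real telemetry).
SAMPLE_EVENTS = [
    {"dest": "ws01", "user": "CORP\\alice", "process_name": "net.exe",
     "process": 'net  stop "Windows Defender Firewall"', "parent_process_name": "cmd.exe"},
    {"dest": "ws01", "user": "CORP\\alice", "process_name": "net1.exe",
     "process": 'C:\\Windows\\system32\\net1  stop "Windows Defender Firewall"',
     "parent_process_name": "net.exe"},
    {"dest": "srv02", "user": "NT AUTHORITY\\SYSTEM", "process_name": "sc.exe",
     "process": "sc.exe  \\\\srv03 stop Sense", "parent_process_name": "powershell.exe"},
    {"dest": "srv02", "user": "CORP\\bob", "process_name": "sc.exe",
     "process": "sc.exe query wuauserv", "parent_process_name": "cmd.exe"},
    {"dest": "ws03", "user": "CORP\\carol", "process_name": "net.exe",
     "process": "net use Z: \\\\stopgap\\share", "parent_process_name": "explorer.exe"},
    {"dest": "ws03", "user": "CORP\\carol", "process_name": "StopWatch.exe",
     "process": "StopWatch.exe --stop", "parent_process_name": "explorer.exe"},
]

# Split a Windows command line into tokens, keeping double-quoted service
# names (e.g. "Windows Defender Firewall") together as one token.
_TOKEN = re.compile(r'"([^"]*)"|(\S+)')


def tokenize(cmdline):
    return [quoted if quoted else bare for quoted, bare in _TOKEN.findall(cmdline)]


def parse_stop_request(cmdline):
    """Return (service, remote_host) if cmdline is a service-stop request, else None.

    The verb must be the first argument after the image (or after an optional
    \\host target for sc.exe), so a substring like "stopgap" in an unrelated
    argument does not match, unlike a bare *stop* wildcard would.
    """
    tokens = tokenize(cmdline)
    if len(tokens) < 2:
        return None
    args = tokens[1:]                       # drop the image itself
    remote = None
    if args[0].startswith("\\\\"):          # sc.exe \\host stop <service>
        remote = args[0].lstrip("\\")
        args = args[1:]
    if not args or args[0].lower() != "stop":
        return None
    service = args[1] if len(args) > 1 else None
    return service, remote


def detect_service_stops(events):
    """Apply the process-name filter, then the command-line check, to each event."""
    findings = []
    for ev in events:
        if ev.get("process_name", "").lower() not in SERVICE_CONTROL_IMAGES:
            continue
        parsed = parse_stop_request(ev.get("process", ""))
        if parsed is None:
            continue
        service, remote = parsed
        findings.append({
            "dest": ev["dest"],
            "user": ev["user"],
            "process_name": ev["process_name"],
            "parent_process_name": ev.get("parent_process_name"),
            "service": service,
            "remote_host": remote,
        })
    return findings


if __name__ == "__main__":
    for f in detect_service_stops(SAMPLE_EVENTS):
        print(f)
```

Running it flags three of the six events: the `net stop` and its `net1` child on ws01, and the remote `sc \\srv03 stop Sense` from srv02; the `sc query`, the `net use` whose path happens to contain "stop", and the unrelated `StopWatch.exe` are left alone. A tuning step a practitioner would add next is collapsing the net.exe/net1.exe pair into one alert by keying on the parent, and allowlisting the service-management accounts that legitimately stop services during maintenance.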
Categories
  • Windows
  • Endpoint
Data Sources
  • Windows Registry
  • Process
  • Application Log
ATT&CK Techniques
  • T1489
Created: 2025-01-24