
Summary
This detection rule identifies modifications to registry keys commonly used for autorun functionality on Windows systems. It covers the Autostart Extensibility Points (ASEPs): registry paths whose values Windows executes automatically at boot, at logon, or when certain processes start, and which malware therefore abuses for persistence (ATT&CK T1547.001, Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder). The rule alerts on value-set events under these keys and carries several filters that exclude writes by known legitimate software, so that only changes likely to originate from malware are raised. False positives still arise from software installers, updaters and administrative actions that write to these keys; such writers should be reviewed and, where justified, added to the filters rather than the rule being disabled. Effective monitoring of these keys helps surface persistence mechanisms employed by attackers.
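The following is an added example, not the rule's own logic, showing how the detection described above works end to end: it matches Sysmon Event ID 13 (registry value set) records against a list of ASEP paths, applies a benign-writer filter, and grades the surviving hits. The ASEP list, the trusted-writer allowlist, the "suspicious value" heuristic and the sample events are all assumptions constructed for illustration; the page does not enumerate the rule's key list or its filters.

```python
"""Added example (not the rule's own code): a minimal re-implementation of an
autorun-key (ASEP) modification detection, run over constructed Sysmon Event
ID 13 (RegistryEvent: value set) records."""
import re
from dataclasses import dataclass

# Assumption: a representative subset of Autostart Extensibility Points.
# The page does not enumerate the rule's key list; extend this for production.
ASEP_PATHS = (
    r"\software\microsoft\windows\currentversion\run",   # also RunOnce, RunOnceEx
    r"\software\microsoft\windows\currentversion\policies\explorer\run",
    r"\software\microsoft\windows\currentversion\explorer\user shell folders",
    r"\software\microsoft\windows nt\currentversion\winlogon\shell",
    r"\software\microsoft\windows nt\currentversion\winlogon\userinit",
    r"\software\microsoft\windows nt\currentversion\windows\appinit_dlls",
    r"\system\currentcontrolset\control\session manager\bootexecute",
)

# Assumption: hypothetical allowlist of installer/updater images whose writes to
# these keys are expected. Keep it short and exact; broad prefixes hide malware.
TRUSTED_WRITERS = {
    r"c:\program files\microsoft office\root\integration\integrator.exe",
}

# Values pointing at user-writable paths or script hosts get a higher severity.
SUSPICIOUS_VALUE = re.compile(
    r"\\appdata\\|\\temp\\|\\users\\public\\|\\programdata\\|"
    r"powershell|mshta|wscript|cscript|rundll32|regsvr32|cmd\.exe",
    re.IGNORECASE,
)


@dataclass(frozen=True)
class RegistryEvent:
    image: str    # Sysmon Image: process that wrote the value
    target: str   # Sysmon TargetObject: full key path including the value name
    details: str  # Sysmon Details: the data written


@dataclass(frozen=True)
class Alert:
    target: str
    image: str
    severity: str


def normalize(path: str) -> str:
    """Lower-case the path and fold the 32-bit redirected hive (Wow6432Node)
    into the native path so one pattern covers both views of the Run key."""
    return path.lower().replace(r"\wow6432node", "")


def matches_asep(target: str) -> bool:
    """True if the written key path sits under a monitored ASEP."""
    t = normalize(target)
    return any(p in t for p in ASEP_PATHS)


def is_filtered(event: RegistryEvent) -> bool:
    """Benign-writer filter: exact match of the writing process against the allowlist."""
    return normalize(event.image) in TRUSTED_WRITERS


def severity(event: RegistryEvent) -> str:
    """'high' when the autorun value or the writer points at user-land paths or a
    script host, otherwise 'medium'."""
    if SUSPICIOUS_VALUE.search(event.details) or SUSPICIOUS_VALUE.search(event.image):
        return "high"
    return "medium"


def evaluate(events):
    """Apply the rule: ASEP match, minus filtered writers, graded by severity."""
    return [Alert(e.target, e.image, severity(e))
            for e in events if matches_asep(e.target) and not is_filtered(e)]


# Constructed Sysmon Event ID 13 records (not real telemetry).
SAMPLE_EVENTS = [
    # Office integrator refreshing its own Run entry: expected, filtered out.
    RegistryEvent(r"C:\Program Files\Microsoft Office\root\integration\integrator.exe",
                  r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OfficeIntegrator",
                  r"C:\Program Files\Microsoft Office\root\integration\integrator.exe"),
    # Dropper in %TEMP% persisting via HKCU Run with a payload in %APPDATA%.
    RegistryEvent(r"C:\Users\bob\AppData\Local\Temp\setup.exe",
                  r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
                  r"C:\Users\bob\AppData\Roaming\svc\upd.exe"),
    # Explorer's Run-dialog history lives under ...\Explorer\RunMRU: not an ASEP.
    RegistryEvent(r"C:\Windows\explorer.exe",
                  r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU\a",
                  r"notepad\1"),
    # 32-bit vendor agent registering under the Wow6432Node-redirected Run key.
    RegistryEvent(r"C:\Program Files (x86)\Vendor\agent.exe",
                  r"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\VendorAgent",
                  r"C:\Program Files (x86)\Vendor\agent.exe --tray"),
    # Winlogon Userinit extended with a second binary: classic logon persistence.
    RegistryEvent(r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                  r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit",
                  r"C:\Windows\system32\userinit.exe,C:\Users\Public\helper.exe"),
]

if __name__ == "__main__":
    for a in evaluate(SAMPLE_EVENTS):
        print(f"[{a.severity}] {a.image} -> {a.target}")
```

Two design points carry over to a real rule. First, the substring match on the key path is deliberately broad (it also catches RunOnce and RunOnceEx) and the Wow6432Node fold keeps 32-bit installers from slipping past a pattern written for the native hive. Second, the benign-writer filter matches the full image path exactly; filtering on a file name alone would let any process named like the trusted updater write autorun entries unnoticed.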
Categories
- Windows
- Endpoint
Data Sources
- Windows Registry
ATT&CK Techniques
- T1547.001
Created: 2019-10-25