
Summary
This detection rule identifies manipulation of shell open registry keys on Windows systems. Specifically, it watches the shell\open\command subkeys of the 'ms-settings' and 'exefile' classes, which are written to for persistence and for User Account Control (UAC) bypasses that abuse auto-elevating executables such as fodhelper.exe, computerdefaults.exe (ms-settings handler) and slui.exe (exefile handler). Because the per-user class hive (HKCU\Software\Classes) takes precedence over the machine-wide one when the handler is resolved, a medium-integrity process can redirect what these elevated binaries launch without any privilege. The rule triggers on registry 'SetValue' events (for example Sysmon Event ID 13) and has three selection criteria: a write to `SymbolicLinkValue` under the 'ms-settings' command key that points at a `\Software\Classes\{...}` CLSID, any write to `DelegateExecute` under the 'ms-settings' command key, and a write to the (Default) value of the 'ms-settings' or 'exefile' command key whose new data is not empty. A hit usually represents a privilege escalation attempt in progress; the (Default) and DelegateExecute values in particular are almost never set by legitimate software, so alerts should be triaged by the writing process (Image) and the command written (Details) rather than suppressed.
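The three selections described above, re-implemented as an added example (this is not the rule's own code or its Sigma source), run over a handful of constructed Sysmon-style SetValue records. The field names (EventType, TargetObject, Details, Image), Sysmon's "(Empty)" placeholder for an empty value, the SID, the CLSID and the commands in the samples are assumptions and placeholders, not real telemetry; string matching is case-insensitive, as Sigma's `contains`/`endswith` modifiers are.

```python
"""Re-implementation of the 'shell open' registry detection over sample events.

Added example, not the original rule's code. Events follow the Sysmon
Event ID 13 (RegistryEvent / SetValue) field layout, which is an assumption.
"""

SYMLINK_KEY = "classes\\ms-settings\\shell\\open\\command\\symboliclinkvalue"
DELEGATE_KEY = "classes\\ms-settings\\shell\\open\\command\\delegateexecute"
DEFAULT_KEYS = (
    "classes\\ms-settings\\shell\\open\\command\\(default)",
    "classes\\exefile\\shell\\open\\command\\(default)",
)
EMPTY_MARKER = "(Empty)"  # assumed Sysmon placeholder for an empty Details field

# Constructed sample events (placeholder SID, CLSID and paths).
SAMPLE_EVENTS = [
    {   # fodhelper-style bypass: per-user ms-settings handler now runs cmd.exe
        "EventType": "SetValue",
        "Image": "C:\\Windows\\System32\\reg.exe",
        "TargetObject": "HKU\\S-1-5-21-1111-2222-3333-1001_Classes\\ms-settings\\shell\\open\\command\\(Default)",
        "Details": "cmd.exe /c whoami > C:\\Users\\Public\\out.txt",
    },
    {   # DelegateExecute written so the shell does not prompt and just runs the command
        "EventType": "SetValue",
        "Image": "C:\\Windows\\System32\\reg.exe",
        "TargetObject": "HKU\\S-1-5-21-1111-2222-3333-1001_Classes\\ms-settings\\shell\\open\\command\\DelegateExecute",
        "Details": EMPTY_MARKER,
    },
    {   # SymbolicLinkValue redirecting the command key to an attacker-controlled CLSID
        "EventType": "SetValue",
        "Image": "C:\\Windows\\System32\\rundll32.exe",
        "TargetObject": "HKU\\S-1-5-21-1111-2222-3333-1001_Classes\\ms-settings\\shell\\open\\command\\SymbolicLinkValue",
        "Details": "\\REGISTRY\\USER\\S-1-5-21-1111-2222-3333-1001\\Software\\Classes\\{AAAAAAAA-0000-0000-0000-000000000000}",
    },
    {   # Benign: an installer registers the .txt handler (must not fire)
        "EventType": "SetValue",
        "Image": "C:\\Windows\\System32\\msiexec.exe",
        "TargetObject": "HKLM\\SOFTWARE\\Classes\\txtfile\\shell\\open\\command\\(Default)",
        "Details": "%SystemRoot%\\system32\\NOTEPAD.EXE %1",
    },
    {   # Key created with an empty default value: excluded by the (Empty) filter
        "EventType": "SetValue",
        "Image": "C:\\Windows\\System32\\reg.exe",
        "TargetObject": "HKU\\S-1-5-21-1111-2222-3333-1001_Classes\\ms-settings\\shell\\open\\command\\(Default)",
        "Details": EMPTY_MARKER,
    },
    {   # Not a SetValue event: attacker deleting the key during cleanup
        "EventType": "DeleteKey",
        "Image": "C:\\Windows\\System32\\reg.exe",
        "TargetObject": "HKU\\S-1-5-21-1111-2222-3333-1001_Classes\\ms-settings\\shell\\open\\command",
        "Details": "",
    },
]


def matches_shell_open_manipulation(event):
    """Return the name of the selection the event satisfies, or None."""
    if event.get("EventType") != "SetValue":
        return None
    target = event.get("TargetObject", "").lower()
    details = event.get("Details", "")

    # Selection 1: SymbolicLinkValue pointing into a per-user Classes CLSID key
    if SYMLINK_KEY in target and "\\software\\classes\\{" in details.lower():
        return "symboliclink"
    # Selection 2: any write of DelegateExecute under the ms-settings command key
    if DELEGATE_KEY in target:
        return "delegateexecute"
    # Selection 3: non-empty (Default) command for ms-settings or exefile
    if any(target.endswith(key) for key in DEFAULT_KEYS) and details != EMPTY_MARKER:
        return "default_command"
    return None


def run_rule(events):
    """Evaluate the rule over a list of events; return (index, selection) hits."""
    hits = []
    for index, event in enumerate(events):
        reason = matches_shell_open_manipulation(event)
        if reason is not None:
            hits.append((index, reason))
    return hits


if __name__ == "__main__":
    for index, reason in run_rule(SAMPLE_EVENTS):
        event = SAMPLE_EVENTS[index]
        print(f"[{reason}] {event['Image']} -> {event['TargetObject']} = {event['Details']!r}")
```

Only the first three constructed events match (one per selection); the txtfile registration, the empty (Default) write and the DeleteKey event are correctly ignored. When porting this to a SIEM, keep the `endswith` on the (Default) selections: switching it to `contains` would also match subkeys created under the command key and raise the false-positive rate.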
Categories
- Windows
- Endpoint
Data Sources
- Windows Registry
Created: 2021-08-30