
Summary
This rule detects process creation events whose image path is written with a Windows 8.3 short name, a form that can be used to slip past detections and allow-lists keyed on the full path. Short names are an alternate representation of file and directory names that NTFS generates for compatibility with legacy software: the name portion is at most eight characters, normally the first six characters of the long name (with spaces and other illegal characters removed) followed by a tilde (~) and a digit, and any extension is cut to three characters. For example, 'C:\Progra~1\' is the same directory as 'C:\Program Files\', and 'Program Files (x86)' commonly becomes 'PROGRA~2'. An attacker can launch a binary through this form so that the recorded image path no longer contains strings such as 'Program Files', even though the executed file is identical; matches written against the long path do not fire.

The rule matches when the image path contains '~1\' or '~2\', the two lowest collision suffixes, which cover the great majority of short-named directories in practice. Because the match includes the trailing backslash, it targets a short-named directory component in the path, not an executable that itself carries a short file name (for example 'MALWAR~1.EXE' at the end of the path does not match). Known installers and parent processes that legitimately launch executables through short paths are filtered out, which keeps the false-positive rate manageable so that analysts can concentrate on genuinely suspicious executions rather than benign setup tools. Two caveats: short names only exist where 8.3 name creation is enabled on the volume (it is enabled by default on the system volume, and 'fsutil 8dot3name query C:' shows the current setting), and suffixes above ~2 fall outside the rule. When the rule fires, review the surrounding context before deciding: the parent process and command line, the resolved long path of the image ('dir /x' in cmd.exe lists the short name beside each long name), and the file's signature and hash, to confirm whether the activity is malicious or benign.
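As an added illustration of the detection logic described above (this is example code written for this page, not the rule's own definition or any project's code), the match and the installer exclusion are re-implemented in Python and run over a few constructed process-creation events. The exclusion lists, the event field names and every sample path are assumptions made for the example; the short-name generator is a simplified model of how NTFS derives names such as 'PROGRA~1' and ignores the hash-based form NTFS uses after several collisions.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Directory components in 8.3 form end in ~1 or ~2. The trailing backslash
# means only directory components match, not a short-named file name such
# as MALWAR~1.EXE at the end of the path.
SHORT_DIR_MARKERS = ("~1\\", "~2\\")

# Hypothetical exclusion lists standing in for the rule's known-installer
# filters. The real entries are not reproduced here; these are assumptions.
EXCLUDED_PARENT_SUFFIXES = ("\\msiexec.exe",)
EXCLUDED_IMAGE_SUBSTRINGS = ("\\installshield\\",)


@dataclass(frozen=True)
class ProcessEvent:
    """Minimal process-creation record (field names are an assumption)."""
    event_id: int
    image: str
    parent_image: str
    command_line: str


def uses_short_dir_name(path: str) -> bool:
    """True if any directory component of the path is an 8.3 alias (~1 or ~2)."""
    # Sigma 'contains' is case-insensitive on most backends, so normalise.
    lowered = path.lower()
    return any(marker in lowered for marker in SHORT_DIR_MARKERS)


def is_excluded(event: ProcessEvent) -> bool:
    """Known-installer filter: benign launchers that use short paths."""
    parent = event.parent_image.lower()
    image = event.image.lower()
    return any(parent.endswith(s) for s in EXCLUDED_PARENT_SUFFIXES) or any(
        s in image for s in EXCLUDED_IMAGE_SUBSTRINGS
    )


def matches_rule(event: ProcessEvent) -> bool:
    return uses_short_dir_name(event.image) and not is_excluded(event)


def run_rule(events: list[ProcessEvent]) -> list[int]:
    """Return the ids of events the rule would alert on."""
    return [e.event_id for e in events if matches_rule(e)]


_SIMPLE = re.compile(r"^[A-Za-z0-9_-]*$")  # simplified legal short-name charset


def short_name(component: str, suffix: int = 1) -> str:
    """Simplified 8.3 alias for one path component (suffix = collision order).

    Names already valid as 8.3 (e.g. 'Windows', 'cmd.exe') get no alias.
    """
    if "." in component:
        base, ext = component.rsplit(".", 1)
    else:
        base, ext = component, ""
    if base and _SIMPLE.match(base) and _SIMPLE.match(ext) and len(base) <= 8 and len(ext) <= 3:
        return component
    clean = re.sub(r"[^A-Za-z0-9_-]", "", base).upper()[:6]
    ext_clean = re.sub(r"[^A-Za-z0-9_-]", "", ext).upper()[:3]
    alias = f"{clean}~{suffix}"
    return f"{alias}.{ext_clean}" if ext_clean else alias


def shorten_path(path: str, suffix: int = 1) -> str:
    """Rewrite every component of a drive-letter path into 8.3 form."""
    drive, rest = path[:3], path[3:]  # 'C:\' plus the remainder (assumes a drive path)
    return drive + "\\".join(short_name(p, suffix) for p in rest.split("\\"))


# Constructed sample events (not real telemetry).
EVENTS = [
    ProcessEvent(1, r"C:\Progra~1\Contoso\updater.exe", r"C:\Windows\explorer.exe", "updater.exe"),
    ProcessEvent(2, r"C:\Users\Public\MALWAR~1.EXE", r"C:\Windows\explorer.exe", "MALWAR~1.EXE"),
    ProcessEvent(3, r"C:\Users\alice\AppData\Local\Temp\INSTAL~1\setup.exe",
                 r"C:\Windows\System32\msiexec.exe", "setup.exe /quiet"),
    ProcessEvent(4, r"C:\Windows\System32\cmd.exe", r"C:\Windows\explorer.exe", "cmd.exe"),
    ProcessEvent(5, r"C:\PROGRA~2\Contoso\agent.exe", r"C:\Windows\System32\services.exe", "agent.exe"),
]

if __name__ == "__main__":
    print("alerting event ids:", run_rule(EVENTS))
    print(shorten_path(r"C:\Program Files\Evil Corp\updater.exe"))
```

Event 2 shows the blind spot noted above: a short-named executable without a short-named parent directory never contains '~1\' and is not caught; event 3 shows the installer exclusion suppressing an otherwise matching path.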
Categories
- Windows
Data Sources
- Process
Created: 2022-08-07