
CodeIntegrity - Unmet Signing Level Requirements By File Under Validation

Summary
This detection rule identifies attempted file load events on Windows that did not meet the signing level required for the loading context. A file can fail this check for several reasons, for example because its signature has been revoked, or because the certificate carried the Lifetime Signing Extended Key Usage (EKU) and has since expired, which invalidates the signature rather than merely the certificate. The rule selects Event IDs 3033 and 3034 from the Microsoft-Windows-CodeIntegrity/Operational log: 3033 is written when the load was blocked, 3034 when code integrity auditing allowed the image to load anyway, so both should be reviewed. Matches are then narrowed on the file name under validation and on the name of the requesting process. A set of optional filters excludes well-known applications, such as Google Drive, Microsoft Office and several security products, whose own components regularly trigger these events and would otherwise generate false positives; each filter pairs a file path with the process expected to load it, so an unexpected process loading the same file still alerts. The goal is to surface unauthorized or potentially malicious file loads that Code Integrity has already flagged, rather than leaving those events unread in the Operational log.
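The following is an added example of the rule's selection and filter logic run over a handful of constructed event records; it is not the Sigma rule itself nor code from SigmaHQ. It assumes the EventData field names `FileNameBuffer` and `ProcessNameBuffer` used by events 3033/3034, and the two exclusion entries in `OPTIONAL_FILTERS` are illustrative stand-ins for the rule's own list of well-known applications, not copied from it.

```python
"""Evaluate CodeIntegrity 3033/3034 signing-level detection logic offline.

Added example, not the original Sigma rule. Field names FileNameBuffer and
ProcessNameBuffer are assumed to match the EventData of events 3033/3034 in
Microsoft-Windows-CodeIntegrity/Operational. OPTIONAL_FILTERS is illustrative.
"""
from typing import Dict, Iterable, List

CHANNEL = "Microsoft-Windows-CodeIntegrity/Operational"

# 3033: load blocked; 3034: auditing allowed the load but the requirement was unmet.
SELECTION_EVENT_IDS = {3033, 3034}

# Illustrative optional filters (assumption): each entry pairs a path fragment
# of the file under validation with the process expected to request it. Both
# halves must match for the event to be suppressed, so the same file loaded by
# an unexpected process still alerts.
OPTIONAL_FILTERS = [
    ("\\Google\\Drive File Stream\\", "\\GoogleDriveFS.exe"),
    ("\\Microsoft Office\\root\\Office16\\", "\\WINWORD.EXE"),
]


def is_filtered(file_name: str, proc_name: str) -> bool:
    """True when the (file, requesting process) pair is a known benign combination."""
    f, p = file_name.lower(), proc_name.lower()
    return any(frag.lower() in f and p.endswith(suffix.lower())
               for frag, suffix in OPTIONAL_FILTERS)


def matches_rule(event: Dict[str, object]) -> bool:
    """Return True if a single event record would trigger the rule."""
    if event.get("Channel") != CHANNEL:
        return False
    if event.get("EventID") not in SELECTION_EVENT_IDS:
        return False
    return not is_filtered(str(event.get("FileNameBuffer", "")),
                           str(event.get("ProcessNameBuffer", "")))


def run(events: Iterable[Dict[str, object]]) -> List[Dict[str, object]]:
    """Apply the rule to an event stream and return the alerting records."""
    return [e for e in events if matches_rule(e)]


# Constructed sample records (not real telemetry). NT device paths are used
# because that is how Code Integrity reports file and process names.
SAMPLE_EVENTS = [
    {   # Blocked load of an unsigned-looking DLL by rundll32: should alert.
        "Channel": CHANNEL, "EventID": 3033,
        "FileNameBuffer": "\\Device\\HarddiskVolume3\\Users\\alice\\Downloads\\loader.dll",
        "ProcessNameBuffer": "\\Device\\HarddiskVolume3\\Windows\\System32\\rundll32.exe",
    },
    {   # Google Drive component loaded by Google Drive itself: benign, filtered.
        "Channel": CHANNEL, "EventID": 3034,
        "FileNameBuffer": "\\Device\\HarddiskVolume3\\Program Files\\Google\\Drive File Stream\\80.0\\drivefs.dll",
        "ProcessNameBuffer": "\\Device\\HarddiskVolume3\\Program Files\\Google\\Drive File Stream\\GoogleDriveFS.exe",
    },
    {   # Same Google Drive file but requested by PowerShell: filter needs both halves, so it alerts.
        "Channel": CHANNEL, "EventID": 3034,
        "FileNameBuffer": "\\Device\\HarddiskVolume3\\Program Files\\Google\\Drive File Stream\\80.0\\drivefs.dll",
        "ProcessNameBuffer": "\\Device\\HarddiskVolume3\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
    },
    {   # Different Code Integrity event ID: outside the rule's selection.
        "Channel": CHANNEL, "EventID": 3076,
        "FileNameBuffer": "\\Device\\HarddiskVolume3\\Windows\\Temp\\tool.exe",
        "ProcessNameBuffer": "\\Device\\HarddiskVolume3\\Windows\\explorer.exe",
    },
]

if __name__ == "__main__":
    for hit in run(SAMPLE_EVENTS):
        print(hit["EventID"], hit["ProcessNameBuffer"], "->", hit["FileNameBuffer"])
```

Running the block prints two hits: the rundll32 load of `loader.dll` and the PowerShell load of the Google Drive DLL. The second shows why the filters are written as path-plus-process pairs rather than bare path exclusions: a path-only exclusion for the Google Drive directory would have silently dropped a load by an interactive shell.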
Categories
  • Windows
  • Endpoint
Data Sources
  • Windows Registry
  • Application Log
Created: 2022-01-20