UAC Bypass via ICMLuaUtil

Sigma Rules

Summary
This detection rule identifies attempts to bypass User Account Control (UAC) on Windows by abusing the ICMLuaUtil elevated COM interface. In this technique the attacker obtains the auto-elevating CMSTPLUA COM class through the COM surrogate: Windows starts dllhost.exe with high integrity and a /Processid:{CLSID} argument naming that class, and the caller then uses the exposed ICMLuaUtil interface (its ShellExec method) to launch an arbitrary program with elevated rights and no consent prompt. The rule therefore looks for process-creation events in which the parent image is dllhost.exe and the parent command line contains the /Processid:{CLSID} values associated with that elevated COM class, which identifies any child process spawned by the elevated surrogate. To reduce false positives it excludes children whose image is WerFault.exe, the Windows Error Reporting handler that is legitimately launched when the surrogate crashes. The rule is rated high: a match indicates either commodity malware or a hands-on attacker escalating privileges by circumventing the protection UAC is meant to provide, and should be investigated promptly.
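The condition described above, implemented as a small matcher and run over constructed process-creation events. This is an added example, not the published Sigma YAML or any vendor's code; the two /Processid CLSID strings are the well-known GUIDs used by public implementations of the technique and are assumed here, and the sample records are made up to look like Sysmon Event ID 1 fields.

```python
"""Matcher for the 'UAC Bypass via ICMLuaUtil' detection logic, run over
constructed process-creation events.  Added example; not the rule's own
YAML and not vendor code."""

# Strings dllhost.exe (the COM surrogate) carries on its command line when it
# hosts the CMSTPLUA / ICMLuaUtil elevated COM class.  Assumed from public
# write-ups of the technique, not quoted from the page.
ELEVATED_COM_PROCESSIDS = (
    "/Processid:{3E5FC7F9-9A51-4367-9063-A120244FBEC7}",
    "/Processid:{D2E7041B-2927-42fb-8E9F-7CE93B6DC937}",
)


def matches_icmluautil_uac_bypass(event: dict) -> bool:
    """Return True when a process-creation event satisfies
    'selection and not filter' for this rule.

    Sigma string modifiers (endswith/contains) are case-insensitive, so every
    field is lowercased before comparison.
    """
    parent_image = event.get("ParentImage", "").lower()
    parent_cmd = event.get("ParentCommandLine", "").lower()
    image = event.get("Image", "").lower()

    # selection: child of dllhost.exe that was launched for the elevated COM class
    selection = parent_image.endswith("\\dllhost.exe") and any(
        pid.lower() in parent_cmd for pid in ELEVATED_COM_PROCESSIDS
    )
    # filter: Windows Error Reporting spawned when the surrogate itself crashes
    filtered = image.endswith("\\werfault.exe")
    return selection and not filtered


def find_matches(events: list[dict]) -> list[str]:
    """Return the Image of every event the rule fires on, in input order."""
    return [e["Image"] for e in events if matches_icmluautil_uac_bypass(e)]


# Constructed sample telemetry (Sysmon EID 1 style field names); not real logs.
SAMPLE_EVENTS = [
    {   # true positive: elevated surrogate spawning a shell
        "Image": r"C:\Windows\System32\cmd.exe",
        "CommandLine": r'"C:\Windows\System32\cmd.exe" /c whoami /groups',
        "ParentImage": r"C:\Windows\System32\dllhost.exe",
        "ParentCommandLine": r"C:\Windows\System32\dllhost.exe /Processid:{3E5FC7F9-9A51-4367-9063-A120244FBEC7}",
    },
    {   # filtered: WerFault launched after the surrogate crashed
        "Image": r"C:\Windows\System32\WerFault.exe",
        "CommandLine": r"C:\Windows\System32\WerFault.exe -u -p 4120 -s 512",
        "ParentImage": r"C:\Windows\System32\dllhost.exe",
        "ParentCommandLine": r"C:\Windows\System32\dllhost.exe /Processid:{3E5FC7F9-9A51-4367-9063-A120244FBEC7}",
    },
    {   # benign: dllhost hosting an unrelated COM class (GUID constructed)
        "Image": r"C:\Windows\System32\rundll32.exe",
        "CommandLine": r"rundll32.exe shell32.dll,Control_RunDLL",
        "ParentImage": r"C:\Windows\System32\dllhost.exe",
        "ParentCommandLine": r"C:\Windows\System32\dllhost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}",
    },
    {   # true positive with mixed-case logging: matching must be case-insensitive
        "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        "CommandLine": r"powershell.exe -nop -w hidden -enc AAAA",
        "ParentImage": r"C:\WINDOWS\SYSTEM32\DLLHOST.EXE",
        "ParentCommandLine": r"C:\WINDOWS\SYSTEM32\DLLHOST.EXE /processid:{d2e7041b-2927-42fb-8e9f-7ce93b6dc937}",
    },
    {   # no ParentCommandLine at all (e.g. a source that omits it): cannot match
        "Image": r"C:\Windows\System32\cmd.exe",
        "CommandLine": r"cmd.exe /c whoami",
        "ParentImage": r"C:\Windows\System32\dllhost.exe",
    },
]

if __name__ == "__main__":
    for hit in find_matches(SAMPLE_EVENTS):
        print("ALERT  child of elevated COM surrogate:", hit)
```

Note the last sample record: the selection keys entirely on the parent's command line, so the rule only works on telemetry that records it (Sysmon Event ID 1 or equivalent EDR process events). Windows Security event 4688 carries the parent process name but not the parent command line, and will never fire this rule.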
Categories
  • Windows
  • Endpoint
Data Sources
  • Process
  • Application Log
Created: 2022-09-13