File Time Attribute Change

Sigma Rules

Summary
This detection rule identifies attempts to conceal file changes by manipulating file time attributes on macOS. It targets process-creation events for the touch utility (image path ending in '/touch') whose command line carries an argument that sets a file's timestamps to a chosen value rather than the current time: '-t' (an explicit timestamp), '-d' (a date string), '-r' (copy the times of a reference file) and the combined short-flag string '-acmr'. Adversaries use this technique, known as timestomping (T1070.006), to make newly dropped or modified files blend in with their surroundings and to undermine forensic timelines built on modification and access times. Two caveats apply when deploying the rule: it only sees timestamp changes made through the touch binary, so a change made via a library call or another utility is not covered, and legitimate uses such as build scripts and installers that copy timestamps with 'touch -r' will also trigger it, so alerts should be reviewed in the context of the parent process and the target path.
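The detection logic the summary describes, run over a few constructed process-creation events. This is an added example and not the Sigma rule's own YAML: the event fields (image, command_line, parent_image) and the choice to match the flags as whole tokens rather than substrings are assumptions made here, and the sample events are made up for illustration.

```python
"""Timestomp detection over macOS process-creation events.

Added example (not the Sigma rule's YAML): it encodes the logic the summary
describes (a process whose image path ends in '/touch' and whose command line
carries one of the timestamp-setting arguments) and runs it over constructed
sample events. The event shape and the whole-token matching are assumptions;
the original rule's own matching mode is not reproduced here.
"""
import shlex
from dataclasses import dataclass

# Arguments named in the summary that set file times to a chosen value instead
# of "now": -t (explicit stamp), -d (date string), -r (copy a reference file's
# times) and the combined short-flag string -acmr.
TIMESTOMP_ARGS = {"-t", "-acmr", "-d", "-r"}


@dataclass(frozen=True)
class ProcessEvent:
    """Minimal process-creation record (field names are assumptions)."""
    image: str
    command_line: str
    parent_image: str = ""


def timestomp_args(command_line):
    """Return the timestamp-setting arguments present, as whole tokens.

    Matching whole tokens rather than substrings keeps a file name such as
    'report-t.txt' from looking like the -t flag.
    """
    try:
        tokens = shlex.split(command_line)
    except ValueError:  # unbalanced quotes; fall back to naive splitting
        tokens = command_line.split()
    return [tok for tok in tokens if tok in TIMESTOMP_ARGS]


def evaluate(event):
    """Return an alert dict when the event matches the rule, else None."""
    if not event.image.endswith("/touch"):
        return None
    args = timestomp_args(event.command_line)
    if not args:
        return None
    return {
        "technique": "T1070.006",
        "image": event.image,
        "args": args,
        "parent_image": event.parent_image,
        "command_line": event.command_line,
    }


def scan(events):
    """Evaluate every event and return the alerts in input order."""
    return [alert for alert in (evaluate(e) for e in events) if alert]


# Constructed sample events for illustration; not real telemetry.
SAMPLE_EVENTS = [
    ProcessEvent("/usr/bin/touch",
                 "touch -t 202001010000.00 /Library/LaunchDaemons/com.sample.plist",
                 "/bin/zsh"),
    ProcessEvent("/usr/bin/touch",
                 "touch -r /bin/ls /tmp/.cache/helper", "/bin/bash"),
    ProcessEvent("/usr/bin/touch", "touch /tmp/build.stamp", "/usr/bin/make"),
    ProcessEvent("/usr/bin/touch", "touch /tmp/report-t.txt", "/bin/zsh"),
    ProcessEvent("/usr/local/bin/make", "make -r all", "/bin/zsh"),
]

if __name__ == "__main__":
    for alert in scan(SAMPLE_EVENTS):
        print(f"{alert['technique']} {alert['image']} args={alert['args']} "
              f"parent={alert['parent_image']}")
```

Only the first two sample events fire: the plain `touch` that merely bumps a file to the current time, the file whose name happens to contain `-t`, and the non-touch process that passes `-r` all fall through. The `parent_image` field is carried into the alert so that a tuning layer can suppress known build tools and installers without loosening the match itself.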
Categories
  • macOS
  • Endpoint
Data Sources
  • File
  • Process
ATT&CK Techniques
  • T1070.006
Created: 2020-10-19