Windows Query Registry Browser List Application

Splunk Security Content

Summary
This detection rule monitors for anomalous access to Windows registry entries associated with default internet browsers, specifically focusing on event code 4663 from Windows Security logs. Attackers may target these registry keys to extract information regarding installed browsers and their configurations, which could lead to the compromise of sensitive user credentials and browsing data. The rule filters out legitimate access from system processes and focuses only on suspicious activity that falls outside expected system behavior. Implementation requires proper auditing settings in Group Policy to capture relevant events, and attention should be given to potential false positives stemming from legitimate software uninstall operations.
Categories
  • Endpoint
  • Windows
Data Sources
  • Windows Registry
ATT&CK Techniques
  • T1012
Created: 2024-11-13