Potential Application Whitelisting Bypass via Dnx.EXE

Sigma Rules

Summary
This detection rule identifies potential application whitelisting bypass attempts that use dnx.exe, a utility associated with executing C# code. Attackers may abuse dnx.exe to circumvent established application controls and run unauthorized code. The rule monitors process creation activity for instances where the executable name ends with '\dnx.exe'. The tool serves legitimate purposes, but its misuse raises significant security concerns, particularly in environments with strict application whitelisting policies. Alerts need triage to distinguish valid execution scenarios from malicious attempts.
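The condition described above, applied to sample events, as an added example that is not the rule's own source. The Sysmon-style field names (`Image`, `Computer`, `User`, `CommandLine`) and every event are constructed assumptions; the match is case-insensitive, as Sigma string comparisons are by default, and hits are grouped by host and user for triage.

```python
from collections import defaultdict

# Rule condition from the summary: executable path ends with '\dnx.exe'.
# The leading backslash anchors the match to the file name itself.
SUFFIX = "\\dnx.exe"

# Constructed process-creation events (field names are assumed, Sysmon-style).
EVENTS = [
    {"Computer": "BUILD01", "User": "CORP\\svc_build",
     "Image": "C:\\Tools\\dnx\\bin\\dnx.exe"},
    {"Computer": "WS-114", "User": "CORP\\jdoe",
     "Image": "C:\\Users\\jdoe\\AppData\\Local\\Temp\\DNX.EXE"},
    # File name only *contains* dnx.exe; the backslash anchor excludes it.
    {"Computer": "WS-114", "User": "CORP\\jdoe",
     "Image": "C:\\Apps\\mydnx.exe"},
    # dnx.exe appears in the command line only; the rule looks at the image.
    {"Computer": "WS-200", "User": "CORP\\asmith",
     "Image": "C:\\Windows\\System32\\cmd.exe",
     "CommandLine": "cmd /c echo dnx.exe"},
    # Malformed event without an Image field must not crash the matcher.
    {"Computer": "WS-201", "User": "CORP\\asmith"},
]


def matches_rule(event):
    """True when the event's image path ends with '\\dnx.exe' (any case)."""
    image = event.get("Image") or ""
    return image.lower().endswith(SUFFIX)


def triage(events):
    """Group matching image paths by (host, user) so an analyst can separate
    expected executions (e.g. a build host) from unexpected ones."""
    hits = defaultdict(list)
    for event in events:
        if matches_rule(event):
            key = (event.get("Computer", "?"), event.get("User", "?"))
            hits[key].append(event["Image"])
    return dict(hits)


if __name__ == "__main__":
    for (host, user), images in triage(EVENTS).items():
        print(f"{host} {user}: {images}")
```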
Categories
  • Endpoint
  • Windows
Data Sources
  • Process
Created: 2019-10-26