
Summary
This rule detects potentially malicious modification of the discretionary access control list (DACL) of a Windows service through the PowerShell 'Set-Service' cmdlet. Specifically, it looks for use of the 'SecurityDescriptorSddl' parameter, which is available starting from PowerShell version 7. With this parameter an attacker can rewrite service permissions so that the service is hidden from enumeration or cannot be stopped. The rule checks process command lines for the 'Set-Service' cmdlet together with specific access control entries in the supplied SDDL string that indicate an unauthorized change. It targets PowerShell processes and matches the distinctive strings in the command line parameters that indicate DACL manipulation potentially used for malicious purposes.
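As an added example (not part of this rule or its project), the Python below evaluates a process command line the way the summary describes: it requires 'Set-Service' plus the 'SecurityDescriptorSddl' parameter, parses the DACL portion of the SDDL string and reports deny ACEs on service rights that would hide a service or block stopping it. The rights set, the '-sd' alias and the sample command lines are assumptions constructed for the example.

```python
import re

# Service-specific rights in an SDDL ACE whose denial hides a service or
# blocks stopping/removing it (assumed set for this example):
# CC/DC = query/change config, LC = query status, WP = SERVICE_STOP,
# DT = pause/continue, SD = DELETE.
SUSPICIOUS_RIGHTS = {"CC", "DC", "LC", "WP", "DT", "SD"}
NO_DENY_NOTE = "SDDL set via Set-Service; no deny ACE on service rights"

SET_SERVICE_RE = re.compile(r"\bset-service\b", re.IGNORECASE)
# PowerShell accepts any unambiguous parameter prefix, so match "-Sec..."
# rather than only the full name; "-sd" is the parameter alias (assumed).
SDDL_PARAM_RE = re.compile(
    r"-(?:sec\w*|sd)\s*[:\s]\s*[\"']?([^\"'\s]+)", re.IGNORECASE)
ACE_RE = re.compile(r"\(([^)]*)\)")

def parse_aces(sddl):
    """Yield (ace_type, rights_set, trustee) for each ACE in the DACL."""
    dacl = sddl.split("D:", 1)[1] if "D:" in sddl else ""
    dacl = dacl.split("S:", 1)[0]           # ignore a trailing SACL
    for ace in ACE_RE.findall(dacl):
        fields = ace.split(";")
        if len(fields) < 6:
            continue                        # malformed ACE, skip it
        rights = fields[2]
        pairs = {rights[i:i + 2] for i in range(0, len(rights), 2)}
        yield fields[0], pairs, fields[5]

def evaluate(cmdline):
    """Findings for one process command line; an empty list means no match."""
    if not SET_SERVICE_RE.search(cmdline):
        return []
    match = SDDL_PARAM_RE.search(cmdline)
    if not match:
        return []
    findings = []
    for ace_type, rights, trustee in parse_aces(match.group(1)):
        denied = rights & SUSPICIOUS_RIGHTS if ace_type == "D" else set()
        if denied:
            findings.append(f"deny {','.join(sorted(denied))} to {trustee}")
    return findings or [NO_DENY_NOTE]

# Constructed sample command lines (not real telemetry).
SAMPLE_CMDLINES = [
    "pwsh.exe -c \"Set-Service -Name Spooler -SecurityDescriptorSddl "
    "'D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(D;;CCLCWPDTSD;;;IU)'\"",
    "powershell.exe Set-Service -Name Spooler -Status Running",
    "pwsh.exe Set-Service Spooler -sd \"D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)\"",
]
```

The first sample yields a deny finding against Interactive Users, the second does not match at all, and the third is surfaced only as an informational SDDL change with no deny ACE.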
Categories
- Windows
- Endpoint
Data Sources
- Process
Created: 2022-10-18