
Summary
This detection rule identifies attempts to bypass User Account Control (UAC) through the Windows Event Viewer by monitoring writes to the registry key that Event Viewer uses to launch its management console. Event Viewer (eventvwr.exe) is an auto-elevating binary: when a member of the Administrators group starts it, it runs with high integrity without a consent prompt, and it resolves the handler for its console file through the registry, checking the current user's hive before the machine-wide one. Because a standard user can write that per-user key, an attacker who plants a command there gets it executed by the elevated Event Viewer process, elevating privileges silently. The rule looks for registry events whose target object ends with that Event Viewer command path, so it catches the setup step (the registry write) before the elevated execution takes place. False positives are currently marked as 'Unknown', so each alert needs validation: review the process that performed the write and the value it wrote, since a user-hive write by an unexpected process is the pattern of interest, while a machine-hive write by an installer or Windows servicing is the likely benign case. The rule is rated at a high level given the specificity of the target object it monitors.
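As an added example, not the rule's own logic or code, the match and a triage step below run over constructed Sysmon-style registry events in Python. It assumes Sysmon field names (EventID 12 and 13, TargetObject, Image, Details) and assumes the Event Viewer command path is `\mscfile\shell\open\command`, the handler key that eventvwr.exe consults; the page itself only says the target object ends with the Event Viewer command path. It also goes one step beyond a plain endswith match: Sysmon appends `\(Default)` to the target object when a key's default value is set, so the example strips that suffix before matching, otherwise only the key-creation event, and not the value write that carries the payload, would end with the path.

```python
"""Added example (not the rule's own code): evaluate the Event Viewer
UAC-bypass registry rule over constructed Sysmon-style registry events.

Assumptions, labelled because the page does not state them:
  * events use Sysmon field names (EventID 12/13, TargetObject, Image, Details);
  * the watched path is '\\mscfile\\shell\\open\\command', the handler key
    that auto-elevating eventvwr.exe looks up (per-user hive first).
"""
from dataclasses import dataclass
from typing import Dict, List, Optional

SUFFIX = r"\mscfile\shell\open\command"  # assumption: the "Event Viewer command path"
DEFAULT_VALUE = r"\(Default)"            # Sysmon appends this when the default value is set


@dataclass
class RegistryEvent:
    event_id: int            # Sysmon 12 = key created/deleted, 13 = value set
    target_object: str       # full registry path as Sysmon renders it
    image: str               # process that performed the write
    details: str = ""        # new value data (EventID 13 only)


def normalize_key(target_object: str) -> str:
    """Strip Sysmon's '\\(Default)' so a value-set event on the default value
    compares against the same key path as the key-creation event."""
    if target_object.lower().endswith(DEFAULT_VALUE.lower()):
        return target_object[: -len(DEFAULT_VALUE)]
    return target_object


def matches_rule(ev: RegistryEvent) -> bool:
    """Sigma-style case-insensitive 'endswith' on the normalized key path."""
    key = normalize_key(ev.target_object).lower()
    return ev.event_id in (12, 13) and key.endswith(SUFFIX.lower())


def user_hive(target_object: str) -> bool:
    """True when the write landed in a per-user hive (Sysmon renders HKCU as
    HKU\\<SID>\\...), i.e. somewhere a standard user can write unelevated."""
    return target_object.upper().startswith("HKU\\")


def triage(ev: RegistryEvent) -> Optional[Dict[str, object]]:
    """Return the fields an analyst needs to validate a hit, or None for no hit.
    False positives are 'Unknown' on the page, so the hit carries the writer
    and the payload rather than a verdict."""
    if not matches_rule(ev):
        return None
    return {
        "key": normalize_key(ev.target_object),
        "user_writable_hive": user_hive(ev.target_object),
        "writer": ev.image,
        "payload": ev.details,
    }


def run(events: List[RegistryEvent]) -> List[Dict[str, object]]:
    """Apply the rule to a batch of events and return the hits in order."""
    return [hit for hit in (triage(e) for e in events) if hit is not None]


# Constructed sample telemetry, not captured from a real host.
SAMPLE_EVENTS = [
    # attacker creates the per-user handler key ...
    RegistryEvent(12, r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Classes\mscfile\shell\open\command",
                  r"C:\Windows\System32\reg.exe"),
    # ... and sets its default value to the payload
    RegistryEvent(13, r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Classes\mscfile\shell\open\command\(Default)",
                  r"C:\Windows\System32\reg.exe", r"C:\Users\alice\AppData\Local\Temp\payload.exe"),
    # machine-wide handler written by an installer: a hit that needs validation
    RegistryEvent(13, r"HKLM\SOFTWARE\Classes\mscfile\shell\open\command\(Default)",
                  r"C:\Windows\System32\msiexec.exe", r'%SystemRoot%\system32\mmc.exe "%1" %*'),
    # unrelated file-type handler: must not match
    RegistryEvent(13, r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Classes\txtfile\shell\open\command\(Default)",
                  r"C:\Windows\explorer.exe", r"notepad.exe %1"),
]

if __name__ == "__main__":
    for hit in run(SAMPLE_EVENTS):
        print(hit)
```

Running it produces three hits: the two user-hive writes by reg.exe, flagged as landing in a user-writable hive with the payload path in hand, and the HKLM write by msiexec.exe, flagged as not user-writable. That third hit is the kind the 'Unknown' false-positive status asks you to validate rather than suppress; the txtfile handler write is ignored.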
Categories
- Endpoint
- Windows
Data Sources
- Windows Registry
Created: 2017-03-19