
Summary
This detection rule identifies attempts to exploit CVE-2024-1708, a vulnerability in ConnectWise ScreenConnect, by monitoring Windows security events with Event Code 4663. It specifically targets path traversal attacks against the ScreenConnect service. By analyzing file system events, the rule looks for unauthorized access to sensitive locations through which malicious actors can reach critical files, potentially resulting in data exfiltration or arbitrary code execution. A confirmed threat could compromise the integrity and security of the target system. To protect against this vulnerability, updating ScreenConnect to version 23.9.8 or later is highly recommended.
Categories
- Endpoint
- Windows
Data Sources
- Windows Registry
- Application Log
ATT&CK Techniques
- T1190
Created: 2024-12-10