
Summary
This analytic rule detects the execution of 'msiexec.exe' with the '/y' switch, which is often used to register DLLs on Windows systems. This activity is noteworthy because it may indicate an attempt to execute a malicious DLL, providing code execution or establishing persistence on the affected system. The detection uses data from Endpoint Detection and Response (EDR) tools, monitoring process command-line arguments along with parent-child process relationships. If confirmed malicious, this activity could allow attackers to run arbitrary code, escalate privileges, or maintain a presence on the network, which makes monitoring these processes essential.
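The detection logic described above, written out as an added example that is not the rule's own search or any EDR vendor's query: it runs over a handful of constructed process-creation records, flags msiexec.exe invocations whose command line carries the '/y' switch as a standalone token, and reports the parent process and the module argument so an analyst can triage the finding. The event schema (host, user, process_path, command_line, parent_path) is an assumption chosen for the example, and the regex also accepts the '-' switch prefix on the assumption that msiexec treats '-y' the same as '/y'.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Dict, Any

# The DLL-registration switch must stand alone as a token: preceded by start of
# line or whitespace, followed by whitespace or end of line. This avoids matching
# '/y' inside a path such as 'C:\x/y\z'. Both '/' and '-' prefixes are accepted
# (assumption: msiexec treats them alike).
_REGISTER_SWITCH = re.compile(r"(?:^|\s)[/-]y(?=\s|$)", re.IGNORECASE)

# Captures the module argument that follows the switch, quoted or unquoted.
_MODULE_ARG = re.compile(r'(?:^|\s)[/-]y\s+("[^"]+"|\S+)', re.IGNORECASE)


@dataclass
class ProcessEvent:
    """One EDR process-creation record (constructed schema, not a vendor format)."""
    host: str
    user: str
    process_path: str
    command_line: str
    parent_path: str


def _basename(path: str) -> str:
    """Lower-cased file name of a Windows or POSIX path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def is_msiexec_dll_registration(ev: ProcessEvent) -> bool:
    """True when the process is msiexec.exe invoked with the /y (register DLL) switch."""
    if _basename(ev.process_path) != "msiexec.exe":
        return False
    return _REGISTER_SWITCH.search(ev.command_line) is not None


def registered_module(ev: ProcessEvent) -> Optional[str]:
    """Return the module path passed to /y, with surrounding quotes stripped."""
    m = _MODULE_ARG.search(ev.command_line)
    return m.group(1).strip('"') if m else None


def detect(events: List[ProcessEvent]) -> List[Dict[str, Any]]:
    """Apply the rule to a batch of events and return one finding per match.

    Each finding keeps the parent process name because the parent (for example a
    shell or script host rather than an installer) is what distinguishes
    suspicious DLL registration from routine software installs.
    """
    findings = []
    for ev in events:
        if is_msiexec_dll_registration(ev):
            findings.append({
                "host": ev.host,
                "user": ev.user,
                "parent": _basename(ev.parent_path),
                "module": registered_module(ev),
                "command_line": ev.command_line,
            })
    return findings


# Constructed sample telemetry; paths and names are illustrative only.
SAMPLE_EVENTS = [
    ProcessEvent("ws01", "corp\\alice", r"C:\Windows\System32\msiexec.exe",
                 r"msiexec.exe /y C:\Users\Public\update.dll",
                 r"C:\Windows\System32\cmd.exe"),
    ProcessEvent("ws01", "corp\\alice", r"C:\Windows\System32\msiexec.exe",
                 r'msiexec.exe /i "C:\installers\app.msi" /qn',
                 r"C:\Windows\explorer.exe"),
    ProcessEvent("ws02", "corp\\bob", r"C:\Windows\System32\msiexec.exe",
                 r'msiexec.exe /quiet /y "C:\ProgramData\tmp\svc helper.dll"',
                 r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"),
    ProcessEvent("ws02", "corp\\bob", r"C:\Windows\System32\notepad.exe",
                 r'notepad.exe "C:\notes\y.txt"',
                 r"C:\Windows\explorer.exe"),
    ProcessEvent("ws03", "corp\\carol", r"C:\Windows\SysWOW64\msiexec.exe",
                 r"C:\Windows\SysWOW64\msiexec.exe -Y C:\temp\x.dll",
                 r"C:\Windows\System32\wscript.exe"),
]


if __name__ == "__main__":
    for f in detect(SAMPLE_EVENTS):
        print(f"{f['host']} {f['user']} parent={f['parent']} module={f['module']}")
```

Running the block flags three of the five records: the plain /y call spawned from cmd.exe, the quoted module path launched by PowerShell, and the upper-case '-Y' form from the SysWOW64 copy; the normal '/i' installation and the notepad event are left alone. When tuning against real EDR data, the parent field is the first place to add allow-list conditions for known software-deployment tools.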
Categories
- Endpoint
- Windows
Data Sources
- Process
- Windows Registry
- Application Log
ATT&CK Techniques
- T1218.007
Created: 2024-11-13