
Summary
This detection rule identifies attempts to disable or modify the code signing policy on Windows systems through native system utilities. Code signing protects the integrity of executables by ensuring they are authentic and have not been tampered with. Attackers may seek to disable Driver Signature Enforcement (DSE), the feature that prevents unsigned drivers from being loaded into the operating system's kernel. This rule monitors specific commands, in particular "bcdedit.exe" invoked with parameters that disable integrity checks, that indicate an attempt to alter driver signing protections. By correlating this behavior with Windows logs, endpoint security product telemetry, and additional data sources from M365 Defender, SentinelOne, and CrowdStrike, analysts can investigate potentially harmful changes to the system's security posture. The rule's accompanying investigation and response recommendations guide security teams in responding effectively to identified threats.
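The matching logic described above, as an added illustration that is not the rule's own query: it runs over constructed process-creation events (the field names host/image/cmdline/parent are assumptions, modelled on a generic EDR or Sysmon-style event) and flags bcdedit invocations that turn on the boot options which weaken driver signature enforcement, while ignoring read-only bcdedit use and commands that turn those options back off.

```python
import re

# Constructed sample events for this example; field names are assumptions.
SAMPLE_EVENTS = [
    {"host": "ws-01", "image": r"C:\Windows\System32\bcdedit.exe",
     "cmdline": "bcdedit.exe /set nointegritychecks on", "parent": "cmd.exe"},
    {"host": "ws-02", "image": r"C:\Windows\System32\bcdedit.exe",
     "cmdline": "bcdedit /set {current} testsigning ON", "parent": "powershell.exe"},
    {"host": "ws-03", "image": r"C:\Windows\System32\bcdedit.exe",
     "cmdline": "bcdedit /enum", "parent": "cmd.exe"},                 # benign: read-only
    {"host": "ws-04", "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": 'cmd.exe /c "bcdedit.exe  /set  NoIntegrityChecks  on"',
     "parent": "explorer.exe"},                                        # nested, odd spacing/case
    {"host": "ws-05", "image": r"C:\Windows\System32\bcdedit.exe",
     "cmdline": "bcdedit /set testsigning off", "parent": "cmd.exe"},  # re-enabling, not tampering
]

# Boot-configuration options that weaken DSE when set to "on" (ATT&CK T1553.006).
# The pattern requires a bcdedit "/set" (or "-set") within the same command segment,
# tolerates an optional {identifier} argument, and is case-insensitive.
DSE_TAMPER_RE = re.compile(
    r"bcdedit(?:\.exe)?\b[^|&]*?[/-]set\b[^|&]*?\b(nointegritychecks|testsigning)\s+on\b",
    re.IGNORECASE,
)


def dse_tamper_option(cmdline: str):
    """Return the DSE-weakening option named in the command line, or None."""
    normalized = " ".join(cmdline.split())  # collapse repeated whitespace
    match = DSE_TAMPER_RE.search(normalized)
    return match.group(1).lower() if match else None


def detect(events):
    """Produce one alert per event whose command line disables integrity checks."""
    alerts = []
    for event in events:
        option = dse_tamper_option(event["cmdline"])
        if option:
            alerts.append({"host": event["host"], "option": option,
                           "parent": event["parent"], "cmdline": event["cmdline"]})
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(f"{alert['host']}: {alert['option']} enabled via {alert['parent']} -> {alert['cmdline']}")
```

Enrich each alert with the parent process and user from the originating telemetry before triage; an administrator enabling test signing on a driver-development host looks identical at the command-line level.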
Categories
- Endpoint
- Windows
Data Sources
- Windows Registry
- Process
- Application Log
- Logon Session
- Network Traffic
ATT&CK Techniques
- T1553
- T1553.006
Created: 2023-01-31