
Windows Scheduled Task with Highest Privileges

Splunk Security Content

Summary
This detection rule identifies potentially malicious activity involving the creation of Windows Scheduled Tasks configured to run with the highest privileges. Using Sysmon and Windows Event Log data, the rule specifically targets executions of `schtasks.exe` whose command line contains the `/rl` parameter with the value `highest` (the task run level). This is significant in the context of persistent threats where adversaries, such as those using AsyncRAT, maintain access and escalate their privileges for malicious purposes. Endpoint Detection and Response (EDR) logs are critical in capturing this activity, and when such tasks are observed it indicates a serious security risk, as attackers may gain unauthorized system access.
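The following is an added illustration of the detection logic described above, written in Python rather than as Splunk's own SPL search; it is not code from the Splunk Security Content project. The events are constructed records whose field names (`image`, `command_line`, `parent_image`, `user`, `host`) are assumed to mirror the Sysmon EventCode 1 fields a `schtasks.exe` execution would produce. It shows the two conditions the rule combines, the process name and the `/rl highest` run level, and that a task created with `/rl limited` or without `/rl` at all does not match.

```python
"""Detect schtasks.exe executions that create tasks with the highest run level.

Added example, not Splunk's own search. Event records are constructed to
resemble Sysmon EventCode 1 (process creation) fields.
"""
import re
from dataclasses import dataclass

# "/rl" followed by the value "highest"; case-insensitive because schtasks
# accepts any casing, and an optional quote because the value may be quoted.
RUN_LEVEL_HIGHEST_RE = re.compile(r'/rl\s+"?highest\b', re.IGNORECASE)


@dataclass
class ProcessEvent:
    host: str
    user: str
    image: str          # full path of the created process (Sysmon "Image")
    command_line: str   # Sysmon "CommandLine"
    parent_image: str   # Sysmon "ParentImage"


def process_name(image: str) -> str:
    """Return the file name component of an image path (either slash style)."""
    return image.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def is_highest_privilege_task(event: ProcessEvent) -> bool:
    """True when the event is schtasks.exe invoked with '/rl highest'."""
    if process_name(event.image) != "schtasks.exe":
        # A parent such as cmd.exe carrying "schtasks" in its own command line
        # is not the execution we want; Sysmon logs the child schtasks.exe
        # process as its own event, and that one is evaluated separately.
        return False
    return RUN_LEVEL_HIGHEST_RE.search(event.command_line) is not None


def find_highest_privilege_tasks(events):
    """Return (host, user, parent, command_line) tuples for matching events."""
    return [
        (e.host, e.user, process_name(e.parent_image), e.command_line)
        for e in events
        if is_highest_privilege_task(e)
    ]


# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    ProcessEvent(
        host="WS01", user="CORP\\alice",
        image=r"C:\Windows\System32\schtasks.exe",
        command_line=r'schtasks.exe /create /tn "Updater" /tr "C:\Users\alice\AppData\Roaming\upd.exe" /sc onlogon /rl highest /f',
        parent_image=r"C:\Windows\System32\cmd.exe",
    ),
    ProcessEvent(  # no /rl parameter: runs with limited privileges by default
        host="WS01", user="CORP\\alice",
        image=r"C:\Windows\System32\schtasks.exe",
        command_line=r'schtasks.exe /create /tn "Backup" /tr "C:\Tools\backup.exe" /sc daily /st 02:00',
        parent_image=r"C:\Windows\explorer.exe",
    ),
    ProcessEvent(  # explicit limited run level must not match
        host="WS02", user="CORP\\bob",
        image=r"C:\Windows\System32\schtasks.exe",
        command_line=r'schtasks.exe /create /tn "Maint" /tr notepad.exe /sc once /st 12:00 /rl limited',
        parent_image=r"C:\Windows\System32\cmd.exe",
    ),
    ProcessEvent(  # upper-case variant still matches
        host="WS03", user="NT AUTHORITY\\SYSTEM",
        image=r"C:\Windows\SysWOW64\SCHTASKS.EXE",
        command_line=r'SCHTASKS.EXE /Create /TN "svc" /TR "C:\ProgramData\svc.exe" /SC ONLOGON /RL HIGHEST',
        parent_image=r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
    ),
    ProcessEvent(  # parent process only; the child schtasks.exe event is separate
        host="WS03", user="CORP\\carol",
        image=r"C:\Windows\System32\cmd.exe",
        command_line=r'cmd.exe /c schtasks /create /tn t /tr x.exe /sc onlogon /rl highest',
        parent_image=r"C:\Windows\explorer.exe",
    ),
]


if __name__ == "__main__":
    for hit in find_highest_privilege_tasks(SAMPLE_EVENTS):
        print("ALERT", hit)
```

Matches are reported with the parent process name because that is the first triage question an analyst asks: a scripted installer spawning `schtasks.exe` from an elevated admin shell reads very differently from the same command launched from a user-writable path under `AppData`.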
Categories
  • Windows
  • Endpoint
Data Sources
  • Windows Registry
  • Process
  • Logon Session
  • Application Log
ATT&CK Techniques
  • T1053
  • T1053.005
Created: 2024-12-10