UAC Bypass WSReset

Sigma Rules

Summary
The UAC Bypass WSReset detection rule identifies attempts to bypass User Account Control (UAC) by abusing WSReset.exe, a signed Windows binary that resets the Microsoft Store cache. WSReset.exe is marked as auto-elevating in its manifest, so when a member of the local Administrators group runs it, it starts at High integrity without a UAC consent prompt. Attackers abuse this to have the elevated wsreset.exe launch a payload of their choosing, which then runs under the elevated token without the user ever being prompted. The rule consumes Sysmon process-creation events (Event ID 1) tied to wsreset.exe and flags those that carry an elevated integrity level such as High, the condition under which a UAC bypass has actually succeeded. Two caveats apply when triaging a hit: the auto-elevation only works for accounts that hold an administrator token under UAC, so the rule is relevant for that population of users, and a legitimate administrator resetting the Store cache also produces an elevated wsreset.exe, so the parent that launched it and the processes it spawned are what distinguish a bypass from normal use.
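The matching logic described above, re-implemented over constructed Sysmon Event ID 1 records (an added example written for this page, not the Sigma project's own rule or code). Field names follow Sysmon's Event ID 1 schema; the sample messages are constructed, not captured from a real host. Two parts go beyond the summary and are assumptions: treating System as an elevated level alongside High, and the triage helper that lists the elevated children an alerted wsreset.exe spawned, since that is where the payload of a bypass sits.

```python
"""Detection logic for 'UAC Bypass WSReset' run over constructed Sysmon EID 1 records.
Added example for this page; not the Sigma project's code."""
from dataclasses import dataclass
from typing import Dict, List

# Integrity levels treated as elevated. The summary names High; adding System
# is an assumption about how an analyst would extend the rule.
ELEVATED_LEVELS = {"high", "system"}


@dataclass(frozen=True)
class ProcessCreate:
    """Subset of Sysmon Event ID 1 fields used by the rule and by triage."""
    process_id: int
    parent_process_id: int
    image: str
    parent_image: str
    command_line: str
    integrity_level: str
    user: str


def parse_sysmon_message(message: str) -> ProcessCreate:
    """Parse the 'Key: Value' lines of a Sysmon EID 1 message body.

    Values contain ':' themselves (drive letters), so split on the first ': ' only."""
    fields: Dict[str, str] = {}
    for line in message.strip().splitlines():
        key, _, value = line.strip().partition(": ")
        if key:
            fields[key] = value
    return ProcessCreate(
        process_id=int(fields["ProcessId"]),
        parent_process_id=int(fields["ParentProcessId"]),
        image=fields["Image"],
        parent_image=fields["ParentImage"],
        command_line=fields.get("CommandLine", ""),
        integrity_level=fields["IntegrityLevel"],
        user=fields.get("User", ""),
    )


def matches_uac_bypass_wsreset(ev: ProcessCreate) -> bool:
    """Sigma 'endswith' and value lists compare case-insensitively; mirror that."""
    return (ev.image.lower().endswith("\\wsreset.exe")
            and ev.integrity_level.lower() in ELEVATED_LEVELS)


def elevated_children(hit: ProcessCreate, events: List[ProcessCreate]) -> List[ProcessCreate]:
    """Triage helper (assumption, not part of the rule): processes spawned by the
    alerted wsreset.exe that inherited its elevated token."""
    return [e for e in events
            if e.parent_process_id == hit.process_id
            and e.integrity_level.lower() in ELEVATED_LEVELS]


# Constructed sample messages in Sysmon's text layout (not real telemetry).
SAMPLE_MESSAGES = [
    # Administrator resets the Store cache from explorer: auto-elevated, so the rule fires.
    r"""ProcessId: 4412
    ParentProcessId: 3020
    Image: C:\Windows\System32\WSReset.exe
    ParentImage: C:\Windows\explorer.exe
    CommandLine: "C:\Windows\System32\WSReset.exe"
    IntegrityLevel: High
    User: CORP\alice""",
    # Bypass chain: wsreset.exe launched from a medium-integrity cmd.exe ...
    r"""ProcessId: 5100
    ParentProcessId: 4980
    Image: C:\Windows\System32\wsreset.exe
    ParentImage: C:\Windows\System32\cmd.exe
    CommandLine: wsreset.exe
    IntegrityLevel: High
    User: CORP\bob""",
    # ... which then spawns the payload under the elevated token (hypothetical path).
    r"""ProcessId: 5180
    ParentProcessId: 5100
    Image: C:\Users\Public\payload.exe
    ParentImage: C:\Windows\System32\wsreset.exe
    CommandLine: C:\Users\Public\payload.exe
    IntegrityLevel: High
    User: CORP\bob""",
    # Account without an administrator token: no auto-elevation, stays Medium, no hit.
    r"""ProcessId: 6000
    ParentProcessId: 3020
    Image: C:\Windows\System32\WSReset.exe
    ParentImage: C:\Windows\explorer.exe
    IntegrityLevel: Medium
    User: CORP\carol""",
]


def run_detection(messages: List[str]) -> List[dict]:
    """Apply the rule to every event and attach triage context to each hit."""
    events = [parse_sysmon_message(m) for m in messages]
    hits = []
    for ev in events:
        if matches_uac_bypass_wsreset(ev):
            hits.append({
                "pid": ev.process_id,
                "parent": ev.parent_image,
                "children": [c.image for c in elevated_children(ev, events)],
            })
    return hits


if __name__ == "__main__":
    for hit in run_detection(SAMPLE_MESSAGES):
        print(hit)
```

Both wsreset.exe events at High integrity match, including the administrator's legitimate run; the first hit has no elevated children, while the second shows the spawned payload, which is the detail that separates the bypass from routine use.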
Categories
  • Endpoint
  • Windows
Data Sources
  • Process
Created: 2021-08-23