
Summary
The detection rule titled 'Application Uninstalled' monitors Windows environments for the uninstallation of applications, focusing specifically on events generated by the Microsoft Installer (MsiInstaller). Two Event IDs are of interest: Event ID 1034, which indicates the success of an application installation, and Event ID 11724, which signifies an uninstallation event. When the rule fires, verify whether the application being removed is critical to the system's operation. The rule is intended to capture potential security issues arising from unwanted or unauthorized application removals, which could indicate malicious activity or software tampering. It is categorized at a low severity level and is primarily aimed at Windows-based systems, where application integrity is crucial.
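As an added example (not the rule's own implementation), the following Python applies the rule's matching logic to constructed Application-log records and raises the finding's severity when the removed product is on a critical-application list; the sample messages, the message layouts the regexes assume, and the list of critical applications are assumptions, not taken from the page.

```python
import re
from typing import Iterable

# Provider and Event IDs the 'Application Uninstalled' rule watches for, as listed on the page.
MSI_PROVIDER = "MsiInstaller"
RULE_EVENT_IDS = {1034, 11724}

# Hypothetical list of applications an organisation treats as critical (assumption, not from the page).
CRITICAL_APPS = {"Sysmon", "Contoso Endpoint Agent"}

# Constructed sample records modelled on Application-log entries; not real telemetry.
SAMPLE_EVENTS = [
    {"Provider": "MsiInstaller", "EventID": 11724,
     "Message": "Product: Contoso Backup Client -- Removal completed successfully."},
    {"Provider": "MsiInstaller", "EventID": 1033,
     "Message": "Windows Installer installed the product. Product Name: Example Viewer. Product Version: 1.2.0."},
    {"Provider": "MsiInstaller", "EventID": 1034,
     "Message": "Windows Installer removed the product. Product Name: Sysmon. Product Version: 13.0.0."},
    {"Provider": "Service Control Manager", "EventID": 11724,
     "Message": "Unrelated event from another provider that reuses the same ID number."},
]

# Message layouts assumed for the two event kinds (approximations, not guaranteed to match real text).
_PRODUCT_PATTERNS = [
    re.compile(r"Product Name: (.+?)\. Product Version"),  # 1034-style message
    re.compile(r"Product: (.+?) -- "),                     # 11724-style message
]

def matches_rule(event: dict) -> bool:
    """Core rule logic: an MsiInstaller record carrying one of the watched Event IDs."""
    return event.get("Provider") == MSI_PROVIDER and event.get("EventID") in RULE_EVENT_IDS

def product_name(message: str) -> str:
    """Extract the product named in the message, or 'unknown' if the layout is unexpected."""
    for pattern in _PRODUCT_PATTERNS:
        m = pattern.search(message)
        if m:
            return m.group(1)
    return "unknown"

def triage(events: Iterable[dict], critical_apps=CRITICAL_APPS) -> list:
    """One finding per matching event; severity is raised when the removed app is critical."""
    findings = []
    for ev in events:
        if not matches_rule(ev):
            continue
        name = product_name(ev["Message"])
        findings.append({"event_id": ev["EventID"], "product": name,
                         "severity": "high" if name in critical_apps else "low"})
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS):
        print(finding)
```

The provider check matters because other event sources can reuse the same numeric IDs; matching on the number alone would produce false positives.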
Categories
- Windows
- Endpoint
Data Sources
- Application Log
Created: 2022-01-28