
Summary
This rule detects executions of the driverquery.exe utility on Windows systems. driverquery lists the drivers installed on the operating system, which makes it useful to an attacker performing host reconnaissance, for instance to learn which security products or other kernel components are present before a later stage. The rule matches driverquery.exe both by process name and by its PE original filename, drvqry.exe, so that a renamed copy of the binary is still caught. It then narrows the results by context: executions launched by common scripting and remote execution utilities (for example cscript.exe and mshta.exe) are filtered out, and the execution path is checked, for instance that the binary is not running from user-specific directories or the Temp folder, locations often used by malware. The alert severity is medium: the activity is worth surfacing for review, but driverquery.exe is also a legitimate administrative tool, so the context filters exist to keep false positives manageable rather than to make every hit a confirmed incident. When triaging, confirm the parent process and command line before escalating.
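The matching described above, as an added example that is not the rule's own query: a small Python predicate that applies the three stated conditions (name or original filename drvqry.exe, parent not a listed scripting utility, not running from a user profile or Temp directory) to a handful of constructed process-start events. The field names (process.name, process.pe.original_file_name, process.executable, process.parent.name), the inclusion of wscript.exe among the excluded parents, and the sample events themselves are assumptions made for the example.

```python
"""Reconstruction of the driverquery.exe matching logic described in the summary.

Added example, not the rule's own query. Field names follow an ECS-like
process event layout and are an assumption; the page does not show the query.
"""
from pathlib import PureWindowsPath

# Parents the summary names (cscript.exe, mshta.exe); wscript.exe is an assumed addition.
EXCLUDED_PARENTS = {"cscript.exe", "mshta.exe", "wscript.exe"}

# Directory components that mark a user profile or Temp location (assumption:
# any path containing a "Users" or "Temp" component counts).
SUSPICIOUS_PATH_PARTS = {"users", "temp"}


def is_driverquery(event: dict) -> bool:
    """Condition 1: driverquery.exe by name, or any binary whose PE original
    filename is drvqry.exe (this is what catches a renamed copy)."""
    name = (event.get("process.name") or "").lower()
    original = (event.get("process.pe.original_file_name") or "").lower()
    return name == "driverquery.exe" or original == "drvqry.exe"


def runs_from_user_or_temp(executable: str) -> bool:
    """Condition 3 helper: split a Windows path into components and look for
    a Users or Temp directory anywhere in it (case-insensitive)."""
    parts = {p.lower() for p in PureWindowsPath(executable).parts}
    return bool(parts & SUSPICIOUS_PATH_PARTS)


def matches(event: dict) -> bool:
    """Apply all three conditions exactly as the summary states them."""
    if not is_driverquery(event):
        return False
    parent = (event.get("process.parent.name") or "").lower()
    if parent in EXCLUDED_PARENTS:
        return False
    if runs_from_user_or_temp(event.get("process.executable") or ""):
        return False
    return True


def alerts(events) -> list:
    """Return the ids of the events that would raise the (medium) alert."""
    return [e["id"] for e in events if matches(e)]


# Constructed sample events, not real telemetry.
SAMPLE_EVENTS = [
    {  # plain execution from System32 under cmd.exe: alert
        "id": 1, "process.name": "driverquery.exe",
        "process.pe.original_file_name": "drvqry.exe",
        "process.executable": r"C:\Windows\System32\driverquery.exe",
        "process.parent.name": "cmd.exe",
    },
    {  # renamed copy; only the original filename gives it away: alert
        "id": 2, "process.name": "svc.exe",
        "process.pe.original_file_name": "drvqry.exe",
        "process.executable": r"C:\Windows\System32\svc.exe",
        "process.parent.name": "cmd.exe",
    },
    {  # parent is mshta.exe, one of the filtered-out launchers: no alert
        "id": 3, "process.name": "driverquery.exe",
        "process.pe.original_file_name": "drvqry.exe",
        "process.executable": r"C:\Windows\System32\driverquery.exe",
        "process.parent.name": "mshta.exe",
    },
    {  # runs from the user's Temp folder: no alert under the stated logic
        "id": 4, "process.name": "driverquery.exe",
        "process.pe.original_file_name": "drvqry.exe",
        "process.executable": r"C:\Users\bob\AppData\Local\Temp\driverquery.exe",
        "process.parent.name": "cmd.exe",
    },
    {  # unrelated process: no alert
        "id": 5, "process.name": "notepad.exe",
        "process.pe.original_file_name": "NOTEPAD.EXE",
        "process.executable": r"C:\Windows\System32\notepad.exe",
        "process.parent.name": "explorer.exe",
    },
]


if __name__ == "__main__":
    print("alerting event ids:", alerts(SAMPLE_EVENTS))
```

Event 2 is the one worth studying: a copy of driverquery.exe renamed to svc.exe is still matched because the PE original filename survives the rename, which is why the summary's mention of drvqry.exe matters. If the rule you deploy treats scripting parents and Temp or profile paths as suspicious rather than benign (the opposite of what the summary states), invert the two exclusions in `matches`; the name and original-filename check is unchanged either way.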
Categories
- Windows
- Endpoint
Data Sources
- Process
Created: 2023-01-19