
Summary
This detection rule analyzes Windows Scheduled Tasks that are related to CompMgmtLauncher or Eventvwr. These executables are critical for system administration, providing access to the Computer Management Console and Event Viewer, respectively. However, attackers can misuse these tools to create persistent, stealthy backdoors or escalate privileges under the guise of legitimate processes. The rule uses the Windows Security Event Log (Event Code 4698) to capture creation or modification events for scheduled tasks that involve these executables, particularly noting any unusual or unauthorized activity. By employing this detection, security teams can proactively identify potential malicious actions and respond effectively. The search query scans for specific command parameters within the scheduled task definitions that invoke these utilities, facilitating timely analysis and remediation of security risks.
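As an added illustration of the search logic described above (this is example code written for this page, not the rule's own query), the following Python applies the same check to constructed Security Event ID 4698 records: it parses the scheduled task XML carried in the event, pulls the `Command` and `Arguments` of each `Exec` action, and flags tasks that invoke `CompMgmtLauncher.exe` or `Eventvwr.exe`. The field names `EventCode`, `TaskName`, `SubjectUserName` and `TaskContent` are assumed to match what a SIEM exposes for 4698; the sample events are constructed, not real telemetry.

```python
import re
import xml.etree.ElementTree as ET

# Executables the rule keys on, matched case-insensitively in each Exec
# action's <Command> and <Arguments> (and in the raw text as a fallback).
WATCHED_BINARY_RE = re.compile(r"\b(compmgmtlauncher|eventvwr)\.exe\b", re.IGNORECASE)

# Real 4698 TaskContent begins with an encoding="UTF-16" declaration, which
# expat rejects once the content is already a Python str; strip it first.
XML_DECL_RE = re.compile(r"^\s*<\?xml[^>]*\?>")


def _task_xml(command, arguments):
    """Build a minimal Task Scheduler XML body (constructed sample data)."""
    return (
        '<?xml version="1.0" encoding="UTF-16"?>'
        '<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">'
        '<Actions Context="Author"><Exec>'
        f"<Command>{command}</Command><Arguments>{arguments}</Arguments>"
        "</Exec></Actions></Task>"
    )


# Constructed sample events shaped like the fields a SIEM exposes for
# Security Event ID 4698 (scheduled task created). Assumed field names.
SAMPLE_EVENTS = [
    {"EventCode": 4698, "TaskName": "\\Backup\\NightlyCopy", "SubjectUserName": "svc_backup",
     "TaskContent": _task_xml("C:\\Windows\\System32\\robocopy.exe", "D:\\data E:\\bak /MIR")},
    {"EventCode": 4698, "TaskName": "\\Microsoft\\Windows\\Diagnostics\\Refresh", "SubjectUserName": "jdoe",
     "TaskContent": _task_xml("C:\\Windows\\System32\\eventvwr.exe", "")},
    # Watched binary hidden in the arguments of a benign-looking command.
    {"EventCode": 4698, "TaskName": "\\Updater", "SubjectUserName": "jdoe",
     "TaskContent": _task_xml("cmd.exe", "/c start C:\\Windows\\System32\\CompMgmtLauncher.exe")},
    # Truncated task body: the XML parser fails, so the raw text is scanned instead.
    {"EventCode": 4698, "TaskName": "\\Broken", "SubjectUserName": "jdoe",
     "TaskContent": "<Task><Actions><Exec><Command>EVENTVWR.EXE</Command>"},
    # Different event id: outside this rule's scope, which keys on 4698 only.
    {"EventCode": 4702, "TaskName": "\\Updated", "SubjectUserName": "jdoe",
     "TaskContent": _task_xml("eventvwr.exe", "")},
]


def extract_exec_actions(task_content):
    """Return [(command, arguments), ...] for every <Exec> action in the
    task XML, or None if the XML cannot be parsed."""
    try:
        root = ET.fromstring(XML_DECL_RE.sub("", task_content, count=1))
    except ET.ParseError:
        return None
    actions = []
    for elem in root.iter():
        if elem.tag.rpartition("}")[2] != "Exec":  # drop the namespace prefix
            continue
        fields = {child.tag.rpartition("}")[2]: (child.text or "").strip() for child in elem}
        actions.append((fields.get("Command", ""), fields.get("Arguments", "")))
    return actions


def match_watched_binary(event):
    """Return the lower-cased watched executable referenced by the task's
    actions, or None. Malformed XML falls back to a raw-text search so a
    broken task body cannot hide a hit."""
    content = event.get("TaskContent", "")
    actions = extract_exec_actions(content)
    haystacks = [content] if actions is None else [f"{c} {a}" for c, a in actions]
    for text in haystacks:
        m = WATCHED_BINARY_RE.search(text)
        if m:
            return m.group(0).lower()
    return None


def scan_4698_events(events):
    """Apply the rule: 4698 events whose task invokes a watched executable."""
    hits = []
    for ev in events:
        if ev.get("EventCode") != 4698:
            continue
        binary = match_watched_binary(ev)
        if binary is not None:
            hits.append({"task": ev["TaskName"], "user": ev["SubjectUserName"], "binary": binary})
    return hits


if __name__ == "__main__":
    for hit in scan_4698_events(SAMPLE_EVENTS):
        print(f"ALERT 4698 task={hit['task']} user={hit['user']} binary={hit['binary']}")
```

Matching on both `Command` and `Arguments` matters: a task whose command is `cmd.exe` but whose arguments launch the watched executable would slip past a check on the command alone. The raw-text fallback keeps a truncated or malformed task body from silently suppressing an alert, which is the kind of gap a tuned rule should close before the SubjectUserName and TaskName are handed to triage.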
Categories
- Endpoint
Data Sources
- Windows Registry
ATT&CK Techniques
- T1053
Created: 2024-11-13