
Summary
This detection rule identifies the potentially malicious creation of Windows scheduled tasks whose names or actions mimic legitimate system processes. Attackers abuse scheduled tasks to execute payloads and establish persistence on a compromised host, and naming a task or the binary it runs after a trusted component helps the task blend in with legitimate activity. The rule triggers on task creation through schtasks.exe: it checks that the creating image is schtasks.exe and then inspects the command-line arguments (where the task name and the command to run are supplied) for common system process names, flagging creations that suggest an attempt to masquerade as a trusted system component. Because the match is on a well-known process name rather than on the binary's location, hits should be triaged against the path the task actually runs from. This detection is most valuable in environments where operational integrity and system security are paramount.
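The following is an added illustration of the detection logic described above, run over constructed process-creation records; it is not the rule's own query or code. The list of system process names, the sample events and the "expected system directory" triage hint are assumptions made for the example, not the rule's actual match list.

```python
"""Toy version of the schtasks masquerading check over constructed
process-creation records (Sysmon Event ID 1 style). Added example; not the
detection rule's own code."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Illustrative set (assumption): names an attacker might reuse so that a task
# or its payload looks like a trusted Windows component.
SYSTEM_PROCESS_NAMES = {
    "svchost", "lsass", "csrss", "winlogon", "wininit", "smss", "services",
    "explorer", "spoolsv", "taskhostw", "dwm", "conhost", "runtimebroker",
}

# Where the genuine binaries live (assumption; used only as a triage hint).
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")


@dataclass
class ProcessEvent:
    image: str         # full path of the created process
    command_line: str  # full command line as logged


@dataclass
class Finding:
    matched_names: List[str]   # system process names found in /TN or /TR
    task_name: str
    task_run: str
    runs_from_system_dir: bool  # True if /TR points into a real system directory


# /TN <name> and /TR <command>, either quoted or bare; schtasks accepts / or -.
_ARG_RE = re.compile(r'[/-](tn|tr)\b\s+("([^"]*)"|(\S+))', re.IGNORECASE)
_CREATE_RE = re.compile(r"[/-]create\b", re.IGNORECASE)


def schtasks_args(command_line: str) -> Dict[str, str]:
    """Return the /TN and /TR values from a schtasks command line, unquoted."""
    out: Dict[str, str] = {}
    for m in _ARG_RE.finditer(command_line):
        out[m.group(1).lower()] = m.group(3) if m.group(3) is not None else m.group(4)
    return out


def is_schtasks_create(ev: ProcessEvent) -> bool:
    """Image-name check plus the /create verb; /query, /delete etc. are ignored."""
    return ev.image.lower().endswith("\\schtasks.exe") and bool(_CREATE_RE.search(ev.command_line))


def _name_of(value: str) -> str:
    """Last path element, without trailing arguments or the .exe suffix, lower-cased."""
    last = value.strip().strip('"').replace("/", "\\").rsplit("\\", 1)[-1]
    parts = last.split()
    first = parts[0].lower() if parts else ""
    return first[:-4] if first.endswith(".exe") else first


def evaluate(ev: ProcessEvent) -> Optional[Finding]:
    """Apply the masquerading check to one event; None means no finding."""
    if not is_schtasks_create(ev):
        return None
    args = schtasks_args(ev.command_line)
    tn, tr = args.get("tn", ""), args.get("tr", "")
    matched = sorted({n for n in (_name_of(tn), _name_of(tr)) if n in SYSTEM_PROCESS_NAMES})
    if not matched:
        return None
    return Finding(matched, tn, tr, tr.strip().strip('"').lower().startswith(SYSTEM_DIRS))


def run(events: List[ProcessEvent]) -> List[Tuple[int, Finding]]:
    """Return (event index, finding) for every event that trips the check."""
    return [(i, f) for i, ev in enumerate(events) if (f := evaluate(ev)) is not None]


# Constructed sample telemetry (not real logs).
SCHTASKS = r"C:\Windows\System32\schtasks.exe"
SAMPLE_EVENTS = [
    ProcessEvent(SCHTASKS, r'schtasks.exe /create /tn "svchost" /tr "C:\Users\Public\svchost.exe" /sc minute /mo 5'),
    ProcessEvent(SCHTASKS, r'schtasks.exe /create /tn "Adobe Updater" /tr "C:\Program Files\Adobe\update.exe" /sc daily'),
    ProcessEvent(SCHTASKS, r'schtasks.exe /query /tn "lsass"'),
    ProcessEvent(SCHTASKS, r'schtasks.exe /Create /SC ONLOGON /TN Microsoft\Windows\lsass /TR "C:\ProgramData\lsass.exe" /RL HIGHEST'),
    ProcessEvent(SCHTASKS, r'schtasks.exe /create /tn "Maintenance" /tr "C:\Windows\System32\svchost.exe -k netsvcs" /sc daily'),
]

if __name__ == "__main__":
    for idx, finding in run(SAMPLE_EVENTS):
        print(idx, finding)
```

Events 0, 3 and 4 produce findings; events 1 (benign names) and 2 (a /query, not a creation) do not. Event 4 is the case that needs the triage hint: the name matches, but the task runs the genuine svchost.exe from System32, so it should be judged against expected behaviour rather than treated as an automatic true positive. The converse limitation is that a check keyed on the schtasks.exe image never sees tasks registered through the Task Scheduler API or PowerShell's Register-ScheduledTask; those creations surface in the Scheduled Job data source (Security event 4698) rather than as a schtasks.exe process.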
Categories
- Endpoint
- Windows
- Infrastructure
Data Sources
- Process
- Scheduled Job
- Application Log
Created: 2025-02-05