
Summary
This detection rule identifies execution of the Microsoft Visual Studio Live Share agent, vsls-agent.exe, when it is launched with the --agentExtensionPath command-line parameter. The rule captures instances where vsls-agent.exe may load a potentially malicious library, based not only on the invocation of the executable but also on the parameters present in its command line. It filters out benign commands that commonly use the same parameter to minimize false positives. To do this, the rule examines process creation logs for processes that both satisfy the selection criteria (an image name ending in vsls-agent.exe and a command line containing the specified argument) and do not match the benign pattern (a command line containing the library prefix Microsoft.VisualStudio.LiveShare.Agent.). This makes the rule valuable for environments that rely on Microsoft's Live Share SDK while still maintaining a posture of proactive threat detection.
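The selection and filter logic described above, as an added example applied to constructed process-creation events (this is illustrative code, not the rule's own implementation; the event field names Image and CommandLine and all file paths are assumptions):

```python
# Added example: the vsls-agent.exe / --agentExtensionPath detection logic
# applied to constructed process-creation events. Not the rule's own code.

SUSPICIOUS_ARG = "--agentExtensionPath"
BENIGN_PREFIX = "Microsoft.VisualStudio.LiveShare.Agent."


def is_suspicious(event: dict) -> bool:
    """True when the event matches the selection and does not hit the benign filter.

    Matching is case-insensitive, as substring matching in process-creation
    rules usually is; 'Image' and 'CommandLine' are assumed field names.
    """
    image = event.get("Image", "").lower()
    cmdline = event.get("CommandLine", "").lower()
    # Selection: image ends with vsls-agent.exe AND command line has the argument.
    if not image.endswith("vsls-agent.exe"):
        return False
    if SUSPICIOUS_ARG.lower() not in cmdline:
        return False
    # Filter: the stock Live Share extension library carries this prefix.
    if BENIGN_PREFIX.lower() in cmdline:
        return False
    return True


def scan(events: list) -> list:
    """Return the ids of events that the rule would alert on."""
    return [e["id"] for e in events if is_suspicious(e)]


# Constructed sample events (hypothetical paths, not real telemetry).
SAMPLE_EVENTS = [
    {"id": "evt-1",  # benign: stock Live Share library, filtered out
     "Image": r"C:\Users\dev\.vscode\extensions\ms-vsliveshare\agent\vsls-agent.exe",
     "CommandLine": r'"vsls-agent.exe" --agentExtensionPath "C:\Users\dev\.vscode\extensions\ms-vsliveshare\agent\Microsoft.VisualStudio.LiveShare.Agent.Extension.dll"'},
    {"id": "evt-2",  # suspicious: same argument, library outside the expected prefix
     "Image": r"C:\Users\Public\tools\vsls-agent.exe",
     "CommandLine": r'"vsls-agent.exe" --agentExtensionPath "C:\Users\Public\tools\custom.dll"'},
    {"id": "evt-3",  # wrong image: argument alone is not enough
     "Image": r"C:\Windows\System32\notepad.exe",
     "CommandLine": r'notepad.exe --agentExtensionPath "C:\x.dll"'},
    {"id": "evt-4",  # right image, no argument: not selected
     "Image": r"C:\Users\dev\.vscode\extensions\ms-vsliveshare\agent\vsls-agent.exe",
     "CommandLine": r'"vsls-agent.exe" --help'},
]

if __name__ == "__main__":
    print(scan(SAMPLE_EVENTS))  # → ['evt-2']
```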
Categories
- Endpoint
- Windows
Data Sources
- Process
Created: 2022-10-30