
Summary
This detection rule identifies unauthorized clearing of the Microsoft Terminal Server Client (MSTSC) connection history in the Windows Registry. It looks for evidence that registry keys or values related to Remote Desktop connections were deleted, which can indicate obfuscation by threat actors, especially during post-exploitation. The rule raises an alert when either specific values or whole keys are deleted from the defined MSTSC registry paths. By monitoring registry modifications, it helps security teams detect Remote Desktop Protocol (RDP) misuse and attempts to erase traces of malicious activity.
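The detection described above, as an added illustration that is not the rule's own query or code: it assumes Sysmon Event ID 12 (RegistryEvent, object create and delete) records with an EventType of DeleteKey or DeleteValue and a TargetObject path, and it matches on the well-known per-user MSTSC history locations (the Default key holding the MRU values and the Servers key holding one subkey per host). The sample events are constructed, not real telemetry.

```python
"""Flag deletions of MSTSC connection-history keys/values from Sysmon-style events.

Added example, not the detection rule's own implementation. Assumes Sysmon
Event ID 12 records carrying EventType (CreateKey/DeleteKey/DeleteValue),
TargetObject, Image and User. Sample events are constructed.
"""
from __future__ import annotations

from dataclasses import dataclass

# Per-user registry locations that hold the RDP connection history.
MSTSC_HISTORY_PATHS = (
    r"\Software\Microsoft\Terminal Server Client\Default",  # MRU0..MRUn values
    r"\Software\Microsoft\Terminal Server Client\Servers",  # one subkey per host
)
DELETE_EVENT_TYPES = {"DeleteKey", "DeleteValue"}


@dataclass(frozen=True)
class Alert:
    event_type: str
    target: str
    image: str
    user: str


def is_mstsc_history_path(target: str) -> bool:
    """True if the registry object lies under one of the MSTSC history keys.

    Sysmon renders the current-user hive as HKU\\<SID>\\..., so match on the
    path fragment rather than a fixed hive prefix; registry paths are
    case-insensitive, so compare lower-cased.
    """
    t = target.lower()
    return any(p.lower() in t for p in MSTSC_HISTORY_PATHS)


def detect_mstsc_history_cleared(events: list[dict]) -> list[Alert]:
    """Return one Alert per deleted value or key under the MSTSC history paths."""
    alerts: list[Alert] = []
    for ev in events:
        if ev.get("EventID") != 12:
            continue
        if ev.get("EventType") not in DELETE_EVENT_TYPES:
            continue
        target = ev.get("TargetObject", "")
        if not is_mstsc_history_path(target):
            continue
        alerts.append(Alert(ev["EventType"], target,
                            ev.get("Image", "?"), ev.get("User", "?")))
    return alerts


# Constructed sample events (not real telemetry); the SID is a placeholder.
SID = r"HKU\S-1-5-21-1111-2222-3333-1001"
SAMPLE_EVENTS = [
    {"EventID": 12, "EventType": "DeleteValue",
     "TargetObject": SID + r"\Software\Microsoft\Terminal Server Client\Default\MRU0",
     "Image": r"C:\Windows\System32\reg.exe", "User": r"CORP\alice"},
    {"EventID": 12, "EventType": "DeleteKey",
     "TargetObject": SID + r"\Software\Microsoft\Terminal Server Client\Servers\srv-fileshare01",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "User": r"CORP\alice"},
    # Benign: mstsc.exe recording a new host must not alert.
    {"EventID": 12, "EventType": "CreateKey",
     "TargetObject": SID + r"\Software\Microsoft\Terminal Server Client\Servers\srv-db02",
     "Image": r"C:\Windows\System32\mstsc.exe", "User": r"CORP\alice"},
    # Deletion elsewhere in the registry must not alert.
    {"EventID": 12, "EventType": "DeleteValue",
     "TargetObject": SID + r"\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "Image": r"C:\Windows\System32\reg.exe", "User": r"CORP\alice"},
]

if __name__ == "__main__":
    for a in detect_mstsc_history_cleared(SAMPLE_EVENTS):
        print(f"ALERT {a.event_type:<11} {a.target}  by {a.image} ({a.user})")
```

Running the script prints two alerts (the MRU0 value deletion and the Servers subkey deletion) and ignores the two benign events. The Image and User fields are carried into the alert because they are what an analyst triages on: history cleared by mstsc.exe itself or by a known privacy-cleanup tool is usually benign, while reg.exe or a scripting host removing the entries shortly after an RDP session deserves a closer look.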
Categories
- Endpoint
- Windows
Data Sources
- Windows Registry
Created: 2021-10-19