
Uncommon FileSystem Load Attempt By Format.com

Sigma Rules

Summary
This detection rule identifies potential defense evasion activity by monitoring the execution of `format.com` together with an uncommon filesystem selection. Attackers may use the `format.com` command to format disks in a way that conceals their malicious actions, such as loading harmful DLLs or invoking other malicious executables. The rule captures instances where `format.com` is executed with a command line argument that names an uncommon filesystem (that is, not one of the well-known filesystems such as exFAT, FAT, NTFS, ReFS, and UDF), signaling a potentially nefarious attempt to manipulate the filesystem. By focusing on Windows process creation events, the rule aims to surface covert behavior that may evade typical detection methods.
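As an added illustration (not the rule's own source and not code from this page), the following Python applies the summary's logic to constructed Windows process-creation events. The field names `Image` and `CommandLine`, the case-insensitive prefix matching of the `/FS:` value (so that a value such as FAT32 is treated like FAT), and the sample events are all assumptions made for the example.

```python
import re
from typing import Optional

# Filesystems the summary names as well known; any other /FS: value is flagged.
KNOWN_FILESYSTEMS = ("exFAT", "FAT", "NTFS", "ReFS", "UDF")

# Captures the value following /FS: (case-insensitive), stopping at whitespace or a quote.
FS_ARG = re.compile(r"/fs:([^\s\"]+)", re.IGNORECASE)


def filesystem_argument(command_line: str) -> Optional[str]:
    """Return the filesystem named by /FS: on the command line, or None if absent."""
    m = FS_ARG.search(command_line)
    return m.group(1) if m else None


def is_known_filesystem(fs: str) -> bool:
    # Prefix match (assumption): FAT32 is accepted as FAT, exFAT only as exFAT.
    return any(fs.lower().startswith(k.lower()) for k in KNOWN_FILESYSTEMS)


def matches_rule(event: dict) -> bool:
    """True when the event is format.com started with an uncommon /FS: value."""
    image = event.get("Image", "")
    if not image.lower().endswith("\\format.com"):
        return False  # only the format.com image itself, not a parent shell
    fs = filesystem_argument(event.get("CommandLine", ""))
    if fs is None:
        return False  # no filesystem selection at all: out of scope
    return not is_known_filesystem(fs)


# Constructed sample process-creation events (not real telemetry).
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\format.com", "CommandLine": r"format.com E: /FS:NTFS /Q"},
    {"Image": r"C:\Windows\System32\format.com", "CommandLine": r"format.com E: /fs:FAT32 /Q"},
    {"Image": r"C:\Windows\System32\format.com", "CommandLine": r"format.com E: /FS:CUSTOM"},
    {"Image": r"C:\Windows\System32\cmd.exe", "CommandLine": r"cmd.exe /c format.com E: /FS:CUSTOM"},
    {"Image": r"C:\Windows\System32\format.com", "CommandLine": r"format.com E: /Q"},
]


def find_alerts(events) -> list:
    """Return the command lines of all events that match the rule."""
    return [e["CommandLine"] for e in events if matches_rule(e)]


if __name__ == "__main__":
    for line in find_alerts(SAMPLE_EVENTS):
        print("ALERT uncommon filesystem passed to format.com:", line)
```

Only the third sample event is reported: the NTFS and FAT32 selections are well known, the fourth runs under cmd.exe rather than the format.com image, and the last passes no filesystem at all.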
Categories
  • Endpoint
  • Windows
Data Sources
  • Process
Created: 2022-01-04