
Malicious PE Execution by Microsoft Visual Studio Debugger

Summary
This detection rule identifies potentially malicious execution of executables through the Microsoft Visual Studio Just-In-Time Debugger (vsjitdebugger.exe). It is based on the possibility that adversaries misuse the debugger to run malicious code under a trusted binary: by launching a chosen executable and attaching the debugger, an attacker could evade controls that scrutinize direct execution of suspicious binaries. The detection logic monitors process creation events whose parent process is vsjitdebugger.exe. To reduce false positives, it excludes child processes that belong to Visual Studio's intended functionality, specifically 'vsimmersiveactivatehelper*.exe' and 'devenv.exe'. Note that an uncommon process spawned by vsjitdebugger.exe is not necessarily malicious and may need additional context before its intent can be determined. This rule strengthens defensive coverage against the abuse of legitimate tools for malicious operations.
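The parent/child logic described above, applied to constructed process-creation events, as an added example (this is not the Sigma rule itself or any project's code; the field names follow Sysmon-style process creation events and the sample paths are constructed):

```python
from fnmatch import fnmatch
from typing import Dict, List

# Exclusions named in the rule summary: children that belong to Visual Studio's
# normal JIT-debugging flow. Patterns are matched against the lower-cased file name.
LEGITIMATE_CHILDREN = ("vsimmersiveactivatehelper*.exe", "devenv.exe")

def _basename(path: str) -> str:
    """Return the file name of a Windows path, lower-cased for comparison."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def is_suspicious_child(event: Dict[str, str]) -> bool:
    """True when vsjitdebugger.exe is the parent and the child is not an
    excluded Visual Studio helper; mirrors the rule's selection minus its filter."""
    if _basename(event.get("ParentImage", "")) != "vsjitdebugger.exe":
        return False
    child = _basename(event.get("Image", ""))
    return not any(fnmatch(child, pattern) for pattern in LEGITIMATE_CHILDREN)

def find_alerts(events: List[Dict[str, str]]) -> List[str]:
    """Return the CommandLine of every event that matches the rule."""
    return [e["CommandLine"] for e in events if is_suspicious_child(e)]

# Constructed sample events (hypothetical paths, not taken from a real host).
VSJIT = r"C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\vsjitdebugger.exe"
SAMPLE_EVENTS = [
    {"ParentImage": VSJIT,
     "Image": r"C:\Program Files\Microsoft Visual Studio\2019\Community\Common7\IDE\devenv.exe",
     "CommandLine": "devenv.exe -p 4242"},                      # excluded: devenv.exe
    {"ParentImage": VSJIT,
     "Image": r"C:\Program Files\Microsoft Visual Studio\2019\Community\Common7\IDE\VSImmersiveActivateHelper.exe",
     "CommandLine": "VSImmersiveActivateHelper.exe"},           # excluded: wildcard pattern
    {"ParentImage": VSJIT,
     "Image": r"C:\Users\Public\update.exe",
     "CommandLine": "update.exe /silent"},                       # uncommon child -> alert
    {"ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Users\Public\update.exe",
     "CommandLine": "update.exe"},                               # wrong parent -> no alert
]

if __name__ == "__main__":
    for hit in find_alerts(SAMPLE_EVENTS):
        print("ALERT: vsjitdebugger.exe spawned:", hit)
```

An alert here still needs the context the summary mentions, such as the debugged process and the user who triggered the JIT prompt, before it is treated as malicious.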
Categories
  • Windows
Data Sources
  • Process
Created: 2020-10-14