
Summary
This detection rule identifies the use of NTFS short names (also known as 8.3 filenames) in command-line execution on Windows systems. Short names in a command line can indicate an attempt to evade detection, particularly when potentially malicious commands are executed. The rule monitors the command line for references to filenames in the short name format (e.g., the `~1`, `~2` notation). The detection selection specifically targets the invocation of executable, batch, installer, Visual Basic script and similar files through these abbreviated names. A filter excludes specific legitimate parent processes that are known to use these conventions without malicious intent. Because legitimate applications may also use short names, the rule carries a false-positive caution advising investigation of the related parent and child processes to determine the context of the execution.
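As an added example, not code from the rule page or from the rule itself, the following Python reproduces the selection-and-filter logic described above over constructed process-creation events: it extracts 8.3-style path components from a command line, alerts when one of them is a targeted file type, and suppresses the alert when the parent image is on an exclusion list. The concrete extension set, the excluded parent path and the sample events are assumptions made for this example; the real rule's lists are not on this page.

```python
import re
from dataclasses import dataclass, field

# One 8.3 path component: up to 6 name characters, a tilde, a collision number,
# and an optional extension of up to 3 characters (e.g. PROGRA~1, setup~1.exe).
# Heuristic: it matches the shape of a short name, not whether one exists on disk.
SHORT_COMPONENT_RE = re.compile(
    r"(?<![^\\/\s\"'])"                    # preceded by separator, quote, space or start
    r"[^\\/\s\"'<>|:*?.]{1,6}~[1-9]\d*"    # name part, tilde and number
    r"(?:\.[^\\/\s\"'<>|:*?.]{1,3})?"      # optional 8.3 extension
    r"(?=[\\/\s\"']|$)",                   # the component must end here
    re.IGNORECASE,
)

# File types the selection cares about. The page names executable, batch, installer
# and Visual Basic script files; this concrete set is an assumption for the example.
TARGET_EXTENSIONS = {"exe", "com", "bat", "cmd", "msi", "vbs"}

# Parent images the filter excludes. The real rule's list is not on the page;
# this lowercase path is a constructed stand-in.
EXCLUDED_PARENTS = {
    r"c:\program files\example vendor\updater.exe",
}


@dataclass
class Verdict:
    alert: bool
    components: list = field(default_factory=list)  # all 8.3-looking components, for triage
    reason: str = ""


def short_name_components(cmdline: str) -> list:
    """Return every 8.3-looking path component found in a command line."""
    return [m.group(0) for m in SHORT_COMPONENT_RE.finditer(cmdline)]


def evaluate(event: dict) -> Verdict:
    """Apply the selection (short-named target file) and the filter (excluded parent)
    to one process-creation event carrying 'CommandLine' and 'ParentImage'."""
    components = short_name_components(event.get("CommandLine", ""))
    targeted = [
        c for c in components
        if "." in c and c.rsplit(".", 1)[1].lower() in TARGET_EXTENSIONS
    ]
    if not targeted:
        return Verdict(False, components, "no short-named target file in command line")
    parent = event.get("ParentImage", "").lower()
    if parent in EXCLUDED_PARENTS:
        return Verdict(False, components, f"parent {parent} is on the exclusion list")
    return Verdict(True, components, "short-named file invoked: " + ", ".join(targeted))


# Constructed sample events (Sysmon Event ID 1 field names), not taken from a real host.
SAMPLE_EVENTS = [
    {   # short-named executable, but launched by an excluded parent: filtered out
        "CommandLine": r"C:\Windows\System32\cmd.exe /c C:\PROGRA~1\VENDOR~1\update~1.exe /silent",
        "ParentImage": r"C:\Program Files\Example Vendor\updater.exe",
    },
    {   # short-named VBScript spawned from an Office process: alert
        "CommandLine": r"wscript.exe C:\Users\Public\invoic~1.vbs",
        "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
    },
    {   # short name only in a directory component, no targeted file: no alert
        "CommandLine": r"cmd.exe /c dir C:\PROGRA~1",
        "ParentImage": r"C:\Windows\explorer.exe",
    },
    {   # short-named installer from PowerShell: alert
        "CommandLine": r"msiexec.exe /i C:\Users\Public\Downlo~1\setup~1.msi /qn",
        "ParentImage": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
    },
]

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        v = evaluate(ev)
        print("ALERT" if v.alert else "ok   ", v.reason, "|", ev["CommandLine"])
```

The `components` list is returned even when no alert fires so that an analyst triaging a hit can see every abbreviated directory in the path, which is the parent/child context the rule's false-positive note asks for.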
Categories
- Windows
- Endpoint
- Cloud
Data Sources
- Process
Created: 2022-08-05