
Summary
This detection rule identifies when the Windows utility 'schtasks.exe' is invoked with parameters that indicate a command to delete all scheduled tasks on the local machine. Specifically, it looks for command lines that contain '/delete', '/tn *' and '/f' together, which signify the intent to forcefully delete every scheduled task, including those created by other users. The detection is implemented by monitoring process creation events on Windows. When the command-line criteria are met, an alert is generated, allowing the identification of potentially malicious activity in which an attacker removes scheduled tasks to hinder security measures or cover their tracks.
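The following is an added example of the matching logic described above, run over a handful of constructed process-creation events; it is not the rule's own implementation, and the field names (Image, CommandLine, User), the sample events and the function names are assumptions made for the illustration. It tokenises the command line with anchored, case-insensitive patterns so that '/fo' is not mistaken for '/f' and a quoted '"*"' task name still counts as the wildcard.

```python
import re
from typing import Dict, Iterable, List

# Constructed sample of process-creation events (Sysmon Event ID 1 / Security
# 4688 style fields). These are made up for the example, not real telemetry.
SAMPLE_EVENTS: List[Dict[str, str]] = [
    # Plain mass deletion.
    {"Image": r"C:\Windows\System32\schtasks.exe",
     "CommandLine": "schtasks.exe /delete /tn * /f",
     "User": "CONTOSO\\jdoe"},
    # Same intent, different casing and a quoted wildcard.
    {"Image": r"C:\Windows\System32\schtasks.exe",
     "CommandLine": 'SCHTASKS /Delete /TN "*" /F',
     "User": "NT AUTHORITY\\SYSTEM"},
    # Launched through cmd.exe; the tokens are still present on the command line.
    {"Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "cmd.exe /c schtasks /delete /tn * /f",
     "User": "CONTOSO\\jdoe"},
    # Benign: forced deletion of one named task, not the wildcard.
    {"Image": r"C:\Windows\System32\schtasks.exe",
     "CommandLine": r'schtasks.exe /delete /tn "\Microsoft\Windows\Backup\Nightly" /f',
     "User": "CONTOSO\\svc_backup"},
    # Benign: a query, where /fo must not be read as /f.
    {"Image": r"C:\Windows\System32\schtasks.exe",
     "CommandLine": "schtasks.exe /query /fo LIST",
     "User": "CONTOSO\\jdoe"},
]

# Each switch must appear as a whole token: preceded by start-of-line or
# whitespace and followed by whitespace or end-of-line. Case-insensitive,
# because schtasks.exe accepts /Delete, /DELETE, etc.
_DELETE = re.compile(r"(?:^|\s)/delete(?=\s|$)", re.IGNORECASE)
_FORCE = re.compile(r"(?:^|\s)/f(?=\s|$)", re.IGNORECASE)
# '/tn *' with optional double quotes around the wildcard.
_WILDCARD_TN = re.compile(r'(?:^|\s)/tn\s+"?\*"?(?=\s|$)', re.IGNORECASE)


def is_mass_task_deletion(command_line: str) -> bool:
    """True when the command line carries /delete, /tn * and /f together."""
    return all(p.search(command_line) for p in (_DELETE, _FORCE, _WILDCARD_TN))


def scan_events(events: Iterable[Dict[str, str]]) -> List[Dict[str, str]]:
    """Return one alert record per event whose command line matches the rule."""
    alerts = []
    for event in events:
        command_line = event.get("CommandLine", "")
        if is_mass_task_deletion(command_line):
            alerts.append({
                "User": event.get("User", ""),
                "Image": event.get("Image", ""),
                "CommandLine": command_line,
                "Reason": "schtasks.exe mass deletion of scheduled tasks (/delete /tn * /f)",
            })
    return alerts


if __name__ == "__main__":
    for alert in scan_events(SAMPLE_EVENTS):
        print(f"ALERT user={alert['User']} image={alert['Image']}")
        print(f"      cmd={alert['CommandLine']}")
```

Matching on the command line alone, as the rule description does, also catches the case where the utility is started through an intermediate shell, since the child schtasks.exe process creation is logged as well; restricting the Image field to schtasks.exe would be a tuning choice if that double-counting is unwanted.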
Categories
- Windows
- Endpoint
Data Sources
- Process
Created: 2022-09-09