
Summary
This detection rule identifies execution of GoToAssist, a legitimate remote support tool that adversaries can repurpose as a command and control channel (ATT&CK T1219, Remote Access Software). It fires on Windows process creation events in which the GoTo Opener application or another GoToAssist product is identified as the started process. Because these tools are routinely deployed for legitimate remote technical support, and are often explicitly permitted by organizational software policy, they give an attacker an interactive channel that blends in with ordinary administrative activity, which is exactly why they are attractive. For the same reason the rule is expected to produce false positives from sanctioned help-desk use: hits should be triaged against the approved installers, accounts and hosts for the tool rather than suppressed outright, and remote access software of this kind warrants continuous monitoring rather than a one-off review.
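The following is an added example, not the rule's own logic or code from the rule's authors. It applies the check the summary describes (a GoToAssist or GoTo Opener product identified in a Windows process creation event) to a handful of constructed Sysmon Event ID 1 style records, and adds a triage allowlist for sanctioned help-desk accounts so the false-positive caveat above can be handled rather than ignored. The field names follow Sysmon process-creation events; every path, product string, account name and the allowlist itself are assumptions made up for illustration.

```python
# Added example (not the rule's own code): the GoToAssist / GoTo Opener
# process-creation check evaluated over constructed Sysmon Event ID 1 style
# records, with a triage allowlist for sanctioned help-desk use.
# Field names follow Sysmon process-creation events; every sample value,
# path and account name below is made up for illustration.
from dataclasses import dataclass


@dataclass
class ProcessEvent:
    """Subset of a Sysmon Event ID 1 (process creation) record."""
    record_id: int
    image: str          # full path of the started executable
    product: str        # Product field from the PE version resource
    description: str    # FileDescription from the PE version resource
    user: str           # account that started the process


# Case-insensitive substrings that identify the tool. Matching on the PE
# metadata as well as the file name means a renamed binary is still caught.
INDICATORS = ("gotoassist", "goto opener")

# Assumed triage allowlist: accounts whose GoToAssist use is sanctioned.
APPROVED_USERS = {"CORP\\helpdesk-svc"}


def is_gotoassist(ev: ProcessEvent) -> bool:
    """Core detection: does the file name or PE metadata name the tool?"""
    file_name = ev.image.rsplit("\\", 1)[-1]
    haystack = " ".join((file_name, ev.product, ev.description)).lower()
    return any(ind in haystack for ind in INDICATORS)


def evaluate(events, approved_users=frozenset(APPROVED_USERS)):
    """Return record ids that alert and ids suppressed by the allowlist.

    Suppressed hits are returned rather than dropped so they can still be
    logged: an approved account running the tool is normal, but an approved
    account doing so from an unexpected path is worth a second look.
    """
    alerts, suppressed = [], []
    for ev in events:
        if not is_gotoassist(ev):
            continue
        (suppressed if ev.user in approved_users else alerts).append(ev.record_id)
    return {"alerts": alerts, "suppressed": suppressed}


# Constructed sample telemetry (not real log data).
SAMPLE_EVENTS = [
    ProcessEvent(1, r"C:\Users\jdoe\AppData\Local\GoToAssist\GoToAssist.exe",
                 "GoToAssist", "GoToAssist Remote Support", r"CORP\jdoe"),
    ProcessEvent(2, r"C:\Users\helpdesk\AppData\Local\GoTo\GoToOpener.exe",
                 "GoTo Opener", "GoTo Opener", r"CORP\helpdesk-svc"),
    ProcessEvent(3, r"C:\Windows\System32\svchost.exe",
                 "Microsoft Windows Operating System",
                 "Host Process for Windows Services", r"NT AUTHORITY\SYSTEM"),
    # Renamed copy: the file name gives nothing away, the Product field does.
    ProcessEvent(4, r"C:\Users\Public\update.exe",
                 "GoTo Opener", "", r"CORP\jdoe"),
]


if __name__ == "__main__":
    print(evaluate(SAMPLE_EVENTS))  # {'alerts': [1, 4], 'suppressed': [2]}
```

Record 4 is the case worth noting: a copy of the opener dropped under a generic name is still identified because the Product metadata, not just the image name, is inspected. The allowlist is keyed on the account only so that the example stays short; in practice a sanctioned account combined with an unexpected install path or parent process should still raise an alert.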
Categories
- Endpoint
- Windows
Data Sources
- Process
ATT&CK Techniques
- T1219
Created: 2022-02-13