
Summary
This detection rule identifies changes to autostart extensibility points (ASEPs) in the Windows registry, specifically modifications made beneath `CurrentControlSet`. Such modifications often indicate persistence mechanisms employed by malware, because these keys control which applications are started automatically when a system boots. The rule is designed to capture all changes under the system control base while excluding certain legitimate modifications, which helps to reduce false positives. Key registry paths monitored include configurations related to terminal services, security providers, and startup programs. The detection employs a comprehensive set of filters to ignore common legitimate scenarios, such as those associated with the installation of recognized software. Implementing this rule supports a proactive approach to identifying unauthorized alterations that could signify potential threats in a Windows environment.
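To make the selection-minus-filters structure of the rule concrete, here is an added example (not the rule's own logic) that applies it to constructed Sysmon-style registry value-set events. The monitored key list and the false-positive filters are assumptions standing in for the rule's own, longer lists; the keys chosen are real Windows locations of the kinds the summary names.

```python
# Illustrative autostart locations beneath CurrentControlSet covering the classes
# the rule summary names (terminal services, security providers, startup programs).
# These are real Windows keys, but this list is an assumption standing in for the
# rule's own, longer list.
ASEP_KEYS = (
    r"\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms",
    r"\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\InitialProgram",
    r"\CurrentControlSet\Control\SecurityProviders\SecurityProviders",
    r"\CurrentControlSet\Control\SafeBoot\AlternateShell",
)
# Assumed false-positive filters: writes by the Windows Installer and value deletions.
BENIGN_IMAGES = (r"c:\windows\system32\msiexec.exe",)
EMPTY_DETAILS = "(Empty)"


def is_asep_modification(event: dict) -> bool:
    """True when a Sysmon 'SetValue' registry event hits an ASEP path and
    survives the benign-scenario filters (the rule's selection minus its filters)."""
    if event.get("EventType") != "SetValue":
        return False
    target = event.get("TargetObject", "").lower()
    if not any(key.lower() in target for key in ASEP_KEYS):
        return False
    if event.get("Image", "").lower() in BENIGN_IMAGES:
        return False
    return event.get("Details") != EMPTY_DETAILS


def detect(events: list) -> list:
    """Return the TargetObject of every event the rule would alert on."""
    return [e["TargetObject"] for e in events if is_asep_modification(e)]


# Constructed sample events (not real telemetry): one startup-program write from a
# temp directory, one installer write, one value deletion, one non-ASEP write.
SAMPLE_EVENTS = [
    {"EventType": "SetValue", "Image": r"C:\Users\alice\AppData\Local\Temp\upd.exe",
     "TargetObject": r"HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms",
     "Details": r"rdpclip,C:\Users\alice\AppData\Local\Temp\upd.exe"},
    {"EventType": "SetValue", "Image": r"C:\Windows\System32\msiexec.exe",
     "TargetObject": r"HKLM\System\CurrentControlSet\Control\SecurityProviders\SecurityProviders",
     "Details": "credssp.dll, vendorprov.dll"},
    {"EventType": "SetValue", "Image": r"C:\Windows\regedit.exe",
     "TargetObject": r"HKLM\System\CurrentControlSet\Control\SafeBoot\AlternateShell",
     "Details": "(Empty)"},
    {"EventType": "SetValue", "Image": r"C:\Windows\regedit.exe",
     "TargetObject": r"HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Hostname",
     "Details": "WS01"},
]
```

Only the first sample event survives both the path selection and the filters; the other three show the three ways an event drops out (benign image, value deletion, non-ASEP path).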
Categories
- Windows
- Endpoint
Data Sources
- Windows Registry
ATT&CK Techniques
- T1547.001
Created: 2019-10-25