Suspicious Process Suspension via WERFaultSecure through EDR-Freeze

Sigma Rules

Summary
This detection rule targets attempts to suspend security processes by abusing `WerFaultSecure.exe` to freeze endpoint detection and response (EDR) or antimalware services. It matches the suspicious command-line parameters typically associated with the `EDR-Freeze` technique, a defense evasion method used by malicious actors. With this rule, organizations can gain insight into adversary attempts to bypass or disrupt security mechanisms by tracking unusual behavior linked to `WerFaultSecure.exe`. The rule inspects process creation logs on Windows systems for events in which potentially harmful commands are issued to the `WerFaultSecure.exe` executable.
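As an added example (not the page's rule text, and not code from the Sigma or EDR-Freeze projects), the following Python matcher applies the logic the summary describes to constructed Windows process-creation events; the switch list it keys on is an assumption, since the page does not name the command-line parameters, and should be checked against the actual rule source.

```python
import shlex
from typing import Iterable

# Assumed indicator set (not taken from the page): WerFaultSecure.exe switches
# that EDR-Freeze style tooling passes together. Verify against the rule source.
EDR_FREEZE_SWITCHES = ("/h", "/pid", "/tid", "/encfile", "/cancel", "/type")


def is_edr_freeze_like(event: dict) -> bool:
    """True when a process-creation event shows WerFaultSecure.exe launched
    with the complete switch set; partial matches are left for triage."""
    image = event.get("Image", "").lower()
    if not image.endswith("\\werfaultsecure.exe"):
        return False
    cmd = event.get("CommandLine", "")
    try:  # posix=False keeps Windows paths intact; quotes still group tokens
        tokens = {t.lower() for t in shlex.split(cmd, posix=False)}
    except ValueError:  # unbalanced quotes: fall back to a whitespace split
        tokens = set(cmd.lower().split())
    return all(sw in tokens for sw in EDR_FREEZE_SWITCHES)


def scan(events: Iterable[dict]) -> list:
    """Return matching events; ParentImage and the /pid target are what an
    analyst checks next (WER's own service host vs. an unexpected launcher)."""
    return [e for e in events if is_edr_freeze_like(e)]


# Constructed sample events (Sysmon Event ID 1 style fields); not real telemetry.
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\WerFaultSecure.exe",
     "ParentImage": r"C:\Users\lab\Downloads\suspicious-launcher.exe",
     "CommandLine": r"WerFaultSecure.exe /h /pid 4242 /tid 4250 /encfile C:\Temp\x.dmp /cancel 1 /type 1"},
    {"Image": r"C:\Windows\System32\WerFault.exe",  # ordinary crash reporting
     "ParentImage": r"C:\Windows\System32\svchost.exe",
     "CommandLine": r"WerFault.exe -u -p 1234 -s 5678"},
    {"Image": r"C:\Windows\System32\WerFaultSecure.exe",  # incomplete switch set
     "ParentImage": r"C:\Windows\System32\svchost.exe",
     "CommandLine": r"WerFaultSecure.exe /h /pid 4242"},
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_EVENTS):
        print(f"[ALERT] {hit['ParentImage']} -> {hit['CommandLine']}")
```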
Categories
  • Endpoint
  • Windows
Data Sources
  • Process
Created: 2025-09-23