
Windows Modify Registry LongPathsEnabled

Splunk Security Content

Summary
This rule detects modifications to the Windows registry value "LongPathsEnabled," which controls whether Win32 file paths may exceed the legacy MAX_PATH limit of 260 characters. The setting matters because threat actors, including the BlackByte ransomware, have enabled it so that payloads written to or executed from very long paths are not blocked by that limit. Detection relies on Sysmon registry events (Event ID 12 for key and value creation or deletion, Event ID 13 for value writes), queried through the Endpoint.Registry data model. The search keys on the registry path `CurrentControlSet\Control\FileSystem\LongPathsEnabled` and a written value of `0x00000001`, which is what enabling long paths looks like; a write of `0x00000000` is not flagged. Because this is a documented Windows setting that administrators, installers and developer tooling also enable, triage should look at the writing process, the user and the host before treating a hit as malicious; when it is, the change can support staging of long-path payloads and further compromise of the system.
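The logic the summary describes, run over a handful of constructed Sysmon-style registry events, as an added example rather than the project's own search. Field names follow the Endpoint.Registry data model the page cites (`dest`, `user`, `process_name`, `registry_path`, `registry_value_data`); the sample records, the `EventCode` field and the DWORD formats handled (`DWORD (0x00000001)` as Sysmon emits it, and a bare `0x00000001`) are assumptions, not data from the page.

```python
import re

# Constructed Sysmon-style registry records shaped like Endpoint.Registry fields.
# These are made-up samples for the example, not real telemetry.
SAMPLE_EVENTS = [
    {  # LongPathsEnabled written as 1 via reg.exe: should be flagged
        "EventCode": 13, "dest": "ws01", "user": "CORP\\alice", "process_name": "reg.exe",
        "registry_path": r"HKLM\System\CurrentControlSet\Control\FileSystem\LongPathsEnabled",
        "registry_value_data": "DWORD (0x00000001)",
    },
    {  # Same value written back to 0: not an enablement, not flagged
        "EventCode": 13, "dest": "ws01", "user": "CORP\\alice", "process_name": "powershell.exe",
        "registry_path": r"HKLM\System\CurrentControlSet\Control\FileSystem\LongPathsEnabled",
        "registry_value_data": "DWORD (0x00000000)",
    },
    {  # A different value under the same FileSystem key: not flagged
        "EventCode": 13, "dest": "ws02", "user": "CORP\\bob", "process_name": "svchost.exe",
        "registry_path": r"HKLM\System\CurrentControlSet\Control\FileSystem\NtfsDisable8dot3NameCreation",
        "registry_value_data": "DWORD (0x00000001)",
    },
    {  # Event ID 12 (create/delete) carries no value data, so the value condition
       # cannot match it even though the path does; the rule only fires on the write
        "EventCode": 12, "dest": "ws03", "user": "CORP\\carol", "process_name": "regedit.exe",
        "registry_path": r"HKLM\System\CurrentControlSet\Control\FileSystem\LongPathsEnabled",
        "registry_value_data": "",
    },
    {  # Already-normalised form of the data field (assumed CIM output): flagged too
        "EventCode": 13, "dest": "ws04", "user": "NT AUTHORITY\\SYSTEM", "process_name": "cmd.exe",
        "registry_path": r"HKLM\System\CurrentControlSet\Control\FileSystem\LongPathsEnabled",
        "registry_value_data": "0x00000001",
    },
]

# Path the rule keys on, compared case-insensitively against the end of registry_path
TARGET_PATH_SUFFIX = r"CurrentControlSet\Control\FileSystem\LongPathsEnabled".lower()
_DWORD_RE = re.compile(r"0x([0-9a-f]{8})", re.IGNORECASE)


def dword_value(data):
    """Parse the DWORD out of 'DWORD (0x00000001)' or a bare '0x00000001'.
    Returns None when no hex DWORD is present (e.g. an Event ID 12 record)."""
    m = _DWORD_RE.search(data or "")
    return int(m.group(1), 16) if m else None


def is_long_paths_enabled_event(ev):
    """The rule's three conditions as the page states them: a Sysmon registry
    event (ID 12 or 13), a path ending in ...\\FileSystem\\LongPathsEnabled,
    and written data equal to 0x00000001."""
    if ev.get("EventCode") not in (12, 13):
        return False
    if not ev.get("registry_path", "").lower().endswith(TARGET_PATH_SUFFIX):
        return False
    return dword_value(ev.get("registry_value_data")) == 1


def detect(events):
    """Return the triage fields (who wrote it, from which process, on which host)
    for every event that satisfies the rule."""
    keys = ("dest", "user", "process_name", "registry_path", "registry_value_data")
    return [{k: ev.get(k) for k in keys} for ev in events if is_long_paths_enabled_event(ev)]


if __name__ == "__main__":
    for hit in detect(SAMPLE_EVENTS):
        print(hit)
```

Two of the five samples are flagged (ws01 via reg.exe and ws04 via cmd.exe). The `process_name` and `user` fields are carried into the result because they are what separates an installer or an administrator enabling long paths from a ransomware staging step; the value condition deliberately excludes writes of `0x00000000`.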
Categories
  • Windows
  • Endpoint
Data Sources
  • Process
  • Windows Registry
ATT&CK Techniques
  • T1112
Created: 2025-01-21