def rule(event):
    if all(
        [
            any(
                [
                    all(
                        [
                            "wmic" in event.deep_get("CommandLine", default=""),
                            "product where " in event.deep_get("CommandLine", default=""),
                            "call" in event.deep_get("CommandLine", default=""),
                            "uninstall" in event.deep_get("CommandLine", default=""),
                            "/nointeractive" in event.deep_get("CommandLine", default=""),
                        ]
                    ),
                    all(
                        [
                            "wmic" in event.deep_get("CommandLine", default=""),
                            "caption like " in event.deep_get("CommandLine", default=""),
                            any(
                                [
                                    "call delete" in event.deep_get("CommandLine", default=""),
                                    "call terminate" in event.deep_get("CommandLine", default=""),
                                ]
                            ),
                        ]
                    ),
                    all(
                        [
                            "process " in event.deep_get("CommandLine", default=""),
                            "where " in event.deep_get("CommandLine", default=""),
                            "delete" in event.deep_get("CommandLine", default=""),
                        ]
                    ),
                ]
            ),
            any(
                [
                    "%carbon%" in event.deep_get("CommandLine", default=""),
                    "%cylance%" in event.deep_get("CommandLine", default=""),
                    "%endpoint%" in event.deep_get("CommandLine", default=""),
                    "%eset%" in event.deep_get("CommandLine", default=""),
                    "%malware%" in event.deep_get("CommandLine", default=""),
                    "%Sophos%" in event.deep_get("CommandLine", default=""),
                    "%symantec%" in event.deep_get("CommandLine", default=""),
                    "Antivirus" in event.deep_get("CommandLine", default=""),
                    "AVG " in event.deep_get("CommandLine", default=""),
                    "Carbon Black" in event.deep_get("CommandLine", default=""),
                    "CarbonBlack" in event.deep_get("CommandLine", default=""),
                    "Cb Defense Sensor 64-bit" in event.deep_get("CommandLine", default=""),
                    "Crowdstrike Sensor" in event.deep_get("CommandLine", default=""),
                    "Cylance " in event.deep_get("CommandLine", default=""),
                    "Dell Threat Defense" in event.deep_get("CommandLine", default=""),
                    "DLP Endpoint" in event.deep_get("CommandLine", default=""),
                    "Endpoint Detection" in event.deep_get("CommandLine", default=""),
                    "Endpoint Protection" in event.deep_get("CommandLine", default=""),
                    "Endpoint Security" in event.deep_get("CommandLine", default=""),
                    "Endpoint Sensor" in event.deep_get("CommandLine", default=""),
                    "ESET File Security" in event.deep_get("CommandLine", default=""),
                    "LogRhythm System Monitor Service" in event.deep_get("CommandLine", default=""),
                    "Malwarebytes" in event.deep_get("CommandLine", default=""),
                    "McAfee Agent" in event.deep_get("CommandLine", default=""),
                    "Microsoft Security Client" in event.deep_get("CommandLine", default=""),
                    "Sophos Anti-Virus" in event.deep_get("CommandLine", default=""),
                    "Sophos AutoUpdate" in event.deep_get("CommandLine", default=""),
                    "Sophos Credential Store" in event.deep_get("CommandLine", default=""),
                    "Sophos Management Console" in event.deep_get("CommandLine", default=""),
                    "Sophos Management Database" in event.deep_get("CommandLine", default=""),
                    "Sophos Management Server" in event.deep_get("CommandLine", default=""),
                    "Sophos Remote Management System" in event.deep_get("CommandLine", default=""),
                    "Sophos Update Manager" in event.deep_get("CommandLine", default=""),
                    "Threat Protection" in event.deep_get("CommandLine", default=""),
                    "VirusScan" in event.deep_get("CommandLine", default=""),
                    "Webroot SecureAnywhere" in event.deep_get("CommandLine", default=""),
                    "Windows Defender" in event.deep_get("CommandLine", default=""),
                ]
            ),
        ]
    ):
        return True
    return False
