def rule(event):
    if all(
        [
            "SOFTWARE\\Microsoft\\Windows Defender\\Windows Defender Exploit Guard\\Controlled Folder Access\\AllowedApplications"
            in event.deep_get("TargetObject", default=""),
            any(
                [
                    "\\Users\\Public\\" in event.deep_get("TargetObject", default=""),
                    "\\AppData\\Local\\Temp\\" in event.deep_get("TargetObject", default=""),
                    "\\Desktop\\" in event.deep_get("TargetObject", default=""),
                    "\\PerfLogs\\" in event.deep_get("TargetObject", default=""),
                    "\\Windows\\Temp\\" in event.deep_get("TargetObject", default=""),
                ]
            ),
        ]
    ):
        return True
    return False
