def rule(event):
    if all(
        [
            "\\SOFTWARE\\" in event.deep_get("TargetObject", default=""),
            "\\Microsoft\\Office\\" in event.deep_get("TargetObject", default=""),
            "\\Common\\Security" in event.deep_get("TargetObject", default=""),
            event.deep_get("TargetObject", default="").endswith("\\MacroRuntimeScanScope"),
            event.deep_get("Details", default="") == "DWORD (0x00000000)",
        ]
    ):
        return True
    return False
