def rule(event):
    if all(
        [
            event.deep_get("EventID", default="") in [3033, 3034],
            not all(
                [
                    "\\Windows\\assembly\\GAC\\" in event.deep_get("FileNameBuffer", default=""),
                    event.deep_get("ProcessNameBuffer", default="").endswith("\\mscorsvw.exe"),
                    "\\Windows\\Microsoft.NET\\" in event.deep_get("ProcessNameBuffer", default=""),
                    event.deep_get("RequestedPolicy", default="") == 8,
                ]
            ),
            not any(
                [
                    all(
                        [
                            event.deep_get("FileNameBuffer", default="").endswith(
                                "\\Program Files\\DTrace\\dtrace.dll"
                            ),
                            event.deep_get("ProcessNameBuffer", default="").endswith(
                                "\\Windows\\System32\\svchost.exe"
                            ),
                            event.deep_get("RequestedPolicy", default="") == 12,
                        ]
                    ),
                    all(
                        [
                            "\\Windows\\System32\\DriverStore\\FileRepository\\"
                            in event.deep_get("FileNameBuffer", default=""),
                            event.deep_get("FileNameBuffer", default="").endswith(
                                "\\igd10iumd64.dll"
                            ),
                            event.deep_get("RequestedPolicy", default="") == 7,
                        ]
                    ),
                    all(
                        [
                            event.deep_get("FileNameBuffer", default="").endswith(
                                "\\Windows\\System32\\nvspcap64.dll"
                            ),
                            any(
                                [
                                    event.deep_get("ProcessNameBuffer", default="").endswith(
                                        "\\AppData\\Local\\Keybase\\Gui\\Keybase.exe"
                                    ),
                                    event.deep_get("ProcessNameBuffer", default="").endswith(
                                        "\\Microsoft\\Teams\\stage\\Teams.exe"
                                    ),
                                ]
                            ),
                            event.deep_get("RequestedPolicy", default="") == 8,
                        ]
                    ),
                    all(
                        [
                            event.deep_get("FileNameBuffer", default="").endswith(
                                "\\Program Files\\Bonjour\\mdnsNSP.dll"
                            ),
                            any(
                                [
                                    event.deep_get("ProcessNameBuffer", default="").endswith(
                                        "\\Windows\\System32\\svchost.exe"
                                    ),
                                    event.deep_get("ProcessNameBuffer", default="").endswith(
                                        "\\Windows\\System32\\SIHClient.exe"
                                    ),
                                ]
                            ),
                            event.deep_get("RequestedPolicy", default="") in [8, 12],
                        ]
                    ),
                    all(
                        [
                            "\\Microsoft Office\\root\\vfs\\ProgramFilesCommonX64\\Microsoft Shared\\OFFICE"
                            in event.deep_get("FileNameBuffer", default=""),
                            event.deep_get("FileNameBuffer", default="").endswith("\\MSOXMLMF.DLL"),
                            event.deep_get("RequestedPolicy", default="") == 7,
                        ]
                    ),
                    all(
                        [
                            "\\Program Files\\Microsoft Office\\root\\vfs\\ProgramFilesCommonX64\\Microsoft Shared\\Office"
                            in event.deep_get("ProcessNameBuffer", default=""),
                            "\\Windows\\System32\\" in event.deep_get("FileNameBuffer", default=""),
                            event.deep_get("RequestedPolicy", default="") == 8,
                        ]
                    ),
                    all(
                        [
                            event.deep_get("FileNameBuffer", default="").endswith(
                                "\\Windows\\System32\\nvspcap64.dll"
                            ),
                            "\\AppData\\Local\\slack\\app-"
                            in event.deep_get("ProcessNameBuffer", default=""),
                            event.deep_get("ProcessNameBuffer", default="").endswith("\\slack.exe"),
                            event.deep_get("RequestedPolicy", default="") == 8,
                        ]
                    ),
                    all(
                        [
                            any(
                                [
                                    event.deep_get("FileNameBuffer", default="").endswith(
                                        "\\Mozilla Firefox\\mozavcodec.dll"
                                    ),
                                    event.deep_get("FileNameBuffer", default="").endswith(
                                        "\\Mozilla Firefox\\mozavutil.dll"
                                    ),
                                ]
                            ),
                            event.deep_get("ProcessNameBuffer", default="").endswith(
                                "\\Mozilla Firefox\\firefox.exe"
                            ),
                            event.deep_get("RequestedPolicy", default="") == 8,
                        ]
                    ),
                    all(
                        [
                            any(
                                [
                                    event.deep_get("FileNameBuffer", default="").endswith(
                                        "\\Program Files\\Avast Software\\Avast\\aswAMSI.dll"
                                    ),
                                    event.deep_get("FileNameBuffer", default="").endswith(
                                        "\\Program Files (x86)\\Avast Software\\Avast\\aswAMSI.dll"
                                    ),
                                ]
                            ),
                            event.deep_get("RequestedPolicy", default="") in [8, 12],
                        ]
                    ),
                    all(
                        [
                            "\\Program Files\\Google\\Drive File Stream\\"
                            in event.deep_get("FileNameBuffer", default=""),
                            event.deep_get("FileNameBuffer", default="").endswith(
                                "\\crashpad_handler.exe"
                            ),
                            event.deep_get("ProcessNameBuffer", default="").endswith(
                                "\\Windows\\ImmersiveControlPanel\\SystemSettings.exe"
                            ),
                            event.deep_get("RequestedPolicy", default="") == 8,
                        ]
                    ),
                    all(
                        [
                            event.deep_get("FileNameBuffer", default="").endswith(
                                "\\Trend Micro\\Client Server Security Agent\\perficrcperfmonmgr.dll"
                            ),
                            event.deep_get("RequestedPolicy", default="") == 8,
                        ]
                    ),
                    event.deep_get("FileNameBuffer", default="").endswith(
                        "\\Program Files\\National Instruments\\Shared\\mDNS Responder\\nimdnsNSP.dll "
                    ),
                    any(
                        [
                            event.deep_get("FileNameBuffer", default="").endswith(
                                "\\Program Files\\McAfee\\Endpoint Security\\Threat Prevention\\MfeAmsiProvider.dll"
                            ),
                            event.deep_get("FileNameBuffer", default="").endswith(
                                "\\Program Files\\McAfee\\MfeAV\\AMSIExt.dll"
                            ),
                        ]
                    ),
                    event.deep_get("FileNameBuffer", default="").endswith(
                        "\\Program Files\\ESET\\ESET Security\\eamsi.dll"
                    ),
                    event.deep_get("FileNameBuffer", default="").endswith(
                        "\\Program Files\\comodo\\comodo internet security\\amsiprovider_x64.dll"
                    ),
                    any(
                        [
                            "\\Program Files\\SentinelOne\\Sentinel Agent"
                            in event.deep_get("FileNameBuffer", default=""),
                            "\\Program Files\\SentinelOne\\Sentinel Agent"
                            in event.deep_get("ProcessNameBuffer", default=""),
                        ]
                    ),
                    "\\National Instruments\\Shared\\mDNS Responder\\"
                    in event.deep_get("FileNameBuffer", default=""),
                    any(
                        [
                            all(
                                [
                                    "\\Kaspersky Lab\\"
                                    in event.deep_get("ProcessNameBuffer", default=""),
                                    "\\avp.exe" in event.deep_get("ProcessNameBuffer", default=""),
                                ]
                            ),
                            all(
                                [
                                    "\\Kaspersky Lab\\"
                                    in event.deep_get("FileNameBuffer", default=""),
                                    "\\antimalware_provider.dll"
                                    in event.deep_get("FileNameBuffer", default=""),
                                ]
                            ),
                        ]
                    ),
                ]
            ),
        ]
    ):
        return True
    return False
