def rule(event):
    if all(
        [
            "\\SOFTWARE\\MICROSOFT\\.NETFramework\\Security\\TrustManager\\PromptingLevel\\"
            in event.deep_get("TargetObject", default=""),
            any(
                [
                    event.deep_get("TargetObject", default="").endswith("\\Internet"),
                    event.deep_get("TargetObject", default="").endswith("\\LocalIntranet"),
                    event.deep_get("TargetObject", default="").endswith("\\MyComputer"),
                    event.deep_get("TargetObject", default="").endswith("\\TrustedSites"),
                    event.deep_get("TargetObject", default="").endswith("\\UntrustedSites"),
                ]
            ),
            event.deep_get("Details", default="") == "Enabled",
        ]
    ):
        return True
    return False
