def rule(event):
    if all(
        [
            "SOFTWARE\\Policies\\Microsoft\\Windows Defender Security Center\\App and Browser protection\\DisallowExploitProtectionOverride"
            in event.deep_get("TargetObject", default=""),
            event.deep_get("Details", default="") == "DWORD (00000001)",
        ]
    ):
        return True
    return False
