def rule(event):
    if all(
        [
            event.deep_get("EventID", default="") == 7036,
            event.deep_get("Provider_Name", default="") == "Service Control Manager",
            event.deep_get("param1", default="")
            in ["Windows Defender Antivirus Service", "Service antivirus Microsoft Defender"],
            event.deep_get("param2", default="") in ["stopped", "arrêté"],
        ]
    ):
        return True
    return False
