
Unsigned AppX Installation Attempt Using Add-AppxPackage - PsScript

Sigma Rules

Summary
This detection rule identifies attempts to install unsigned AppX packages on Windows systems through PowerShell. Specifically, it looks for use of the `Add-AppxPackage` cmdlet, or its alias `Add-AppPackage`, combined with the `-AllowUnsigned` flag. Such activity may indicate an attempt to bypass the policy that blocks installation of unsigned applications, and it is relevant to the persistence and defense evasion techniques documented in the MITRE ATT&CK framework. The rule depends on Script Block Logging being enabled in Windows PowerShell, since that is what exposes the content of executed PowerShell code to the log. It helps detect unauthorized installations that could compromise system integrity.
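The matching logic described above, as an added example that is not part of the rule page: it applies the summary's conditions (cmdlet or alias plus `-AllowUnsigned`, matched case-insensitively as Sigma `contains` does) to a constructed set of Script Block Logging events. The event field names, the sample script blocks, and the assumption that the rule reads Event ID 4104 are this example's own.

```python
import re

# Constructed sample events in the shape of PowerShell Script Block Logging
# records (Event ID 4104 in Microsoft-Windows-PowerShell/Operational).
# Field names and script block text are invented for this example.
SAMPLE_EVENTS = [
    {"event_id": 4104, "script_block_text": "Get-AppxPackage -Name *Photos*"},
    # Signed-package install: cmdlet present, flag absent, so no alert.
    {"event_id": 4104, "script_block_text": "Add-AppxPackage -Path C:\\Temp\\tool.msix"},
    # Alias and lower-case flag: Sigma 'contains' is case-insensitive, so this alerts.
    {"event_id": 4104, "script_block_text": "add-apppackage -path c:\\temp\\x.appx -allowunsigned"},
    # Developer-mode style registration of an unsigned manifest: alerts.
    {"event_id": 4104, "script_block_text": "Add-AppxPackage -Register .\\AppxManifest.xml -AllowUnsigned"},
    # Wrong event type (4103 is module logging, not script block logging): ignored.
    {"event_id": 4103, "script_block_text": "Add-AppxPackage -AllowUnsigned -Path pkg.msix"},
]

# Emulate Sigma's case-insensitive 'contains' matching with regexes.
# 'Add-App(?:x)?Package' covers both Add-AppxPackage and its alias Add-AppPackage.
CMDLET_PATTERN = re.compile(r"Add-App(?:x)?Package", re.IGNORECASE)
FLAG_PATTERN = re.compile(r"-AllowUnsigned", re.IGNORECASE)


def matches_rule(event: dict) -> bool:
    """True when a script block event invokes the AppX install cmdlet with -AllowUnsigned."""
    if event.get("event_id") != 4104:
        return False
    text = event.get("script_block_text", "")
    # Both conditions must hold, mirroring a Sigma selection with two 'contains' fields.
    return bool(CMDLET_PATTERN.search(text) and FLAG_PATTERN.search(text))


def find_alerts(events: list[dict]) -> list[str]:
    """Return the script block text of every event that triggers the rule."""
    return [e["script_block_text"] for e in events if matches_rule(e)]


if __name__ == "__main__":
    for hit in find_alerts(SAMPLE_EVENTS):
        print("ALERT:", hit)
```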
Categories
  • Windows
  • On-Premise
  • Endpoint
Data Sources
  • Script
  • Logon Session
  • Application Log
Created: 2023-01-31