
Summary
This detection rule identifies executions of the PowerShell script `CL_LoadAssembly.ps1` that invoke the methods `LoadAssemblyFromPath` or `LoadAssemblyFromNS`. These methods load assemblies dynamically, and attackers abuse that capability to bypass AppLocker controls designed to restrict unauthorized execution of scripts and software. By inspecting process creation logs for command lines that contain these specific calls, security teams can detect attempts to use this script to compromise system integrity. The rule targets logs from Windows systems, where PowerShell is commonly executed, and is rated medium severity: a hit can precede further malicious activity if it is not addressed.
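The matching logic described above, re-implemented as an added Python example over constructed process-creation events (this is not the rule's own query or any vendor's code; the field names `EventId`, `Image` and `CommandLine`, the sample paths and the event contents are assumptions made for the example):

```python
"""Re-implementation of the CL_LoadAssembly.ps1 detection over constructed
process-creation events. Field names (EventId, Image, CommandLine) are
assumed to mirror a typical process-creation log; the events are made up."""

# Selection terms from the rule, lower-cased for case-insensitive matching:
# PowerShell itself is case-insensitive, so 'loadassemblyfromns' is executed
# exactly like 'LoadAssemblyFromNS' and must be caught as well.
SCRIPT_NAMES = ("cl_loadassembly.ps1",)
METHOD_NAMES = ("loadassemblyfrompath", "loadassemblyfromns")


def matches(event: dict) -> bool:
    """Sigma-style 'all of selection_*' condition on the command line:
    the script name AND at least one of the two method names must appear."""
    cmd = event.get("CommandLine", "").lower()
    has_script = any(s in cmd for s in SCRIPT_NAMES)
    has_method = any(m in cmd for m in METHOD_NAMES)
    return has_script and has_method


def detect(events: list) -> list:
    """Return the EventIds of the events that satisfy the rule.

    Detection gap worth knowing: the rule only sees the command line, so a
    call made from inside a script body or an encoded command will not
    appear here; pair it with script block logging for fuller coverage."""
    return [e["EventId"] for e in events if matches(e)]


# Constructed sample events (hypothetical telemetry; paths are placeholders).
SAMPLE_EVENTS = [
    {"EventId": 1, "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": r'powershell.exe -c ". .\CL_LoadAssembly.ps1; LoadAssemblyFromPath C:\placeholder\a.dll"'},
    {"EventId": 2, "Image": r"C:\placeholder\pwsh.exe",
     "CommandLine": r'pwsh.exe -command "& {. C:\placeholder\cl_loadassembly.ps1; loadassemblyfromns SomeNamespace}"'},
    # Benign: the script runs, but neither method is invoked on the command line.
    {"EventId": 3, "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": r"powershell.exe -File C:\placeholder\CL_LoadAssembly.ps1"},
    # Benign: method name appears without the script, e.g. someone reading help text.
    {"EventId": 4, "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": r'powershell.exe -c "Get-Help LoadAssemblyFromPath"'},
]

if __name__ == "__main__":
    print(detect(SAMPLE_EVENTS))  # [1, 2]
```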
Categories
- Windows
Data Sources
- Process
Created: 2022-05-21