
Security Software Discovery Via Powershell Script

Sigma Rules

Summary
This detection rule flags potential reconnaissance by monitoring executed PowerShell script blocks that try to enumerate the security software installed on a system. It looks for script blocks in which the 'Get-Process' cmdlet, or its alias 'gps', is combined with 'Where-Object' to filter the process list for known security products, matched by characteristic name patterns. Such a script suggests an adversary is profiling the host's protective controls (antivirus, EDR agents, host firewalls and similar) before choosing tooling or an evasion approach. The rule depends on PowerShell Script Block Logging being enabled (Event ID 4104 in the Microsoft-Windows-PowerShell/Operational log); without it, the ScriptBlockText field the rule matches on is never recorded.
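The matching logic described above, reproduced here as an added PowerShell example so it can be exercised offline against constructed script-block text. This is not the Sigma rule's own code: the product identifier list is an illustrative subset chosen for this example (the real rule carries its own list), the function names are this example's, and the sample script blocks are constructed, not real telemetry.

```powershell
# Added example: reproduce the rule's three conditions (Get-Process/gps, Where-Object,
# a security-product identifier) over 4104 ScriptBlockText. Not the rule's own code.

# Illustrative subset of product identifiers (assumption: the actual rule has its own list).
$SecurityProductPatterns = @(
    'windefend', 'defender', 'msmpeng',                      # Microsoft Defender
    'carbonblack', 'sentinel', 'cylance', 'crowdstrike',
    'csfalcon', 'sophos', 'symantec', 'mcafee', 'kaspersky', 'eset'
)

function Test-SecuritySoftwareDiscovery {
    param([Parameter(Mandatory)][string]$ScriptBlockText)

    $text = $ScriptBlockText.ToLowerInvariant()

    # Condition 1: process enumeration via Get-Process or its alias gps
    # (word-bounded so 'gps' does not fire inside e.g. 'gpsvc').
    $enumerates = $text -match '\bget-process\b|\bgps\b'

    # Condition 2: the result is filtered with Where-Object. The rule keys on the
    # cmdlet name only, so the '?' and 'where' aliases are not matched (see note below).
    $filters = $text -match '\bwhere-object\b'

    # Condition 3: at least one security-product identifier appears in the block.
    $products = @($SecurityProductPatterns | Where-Object { $text.Contains($_) })

    [pscustomobject]@{
        Match    = ($enumerates -and $filters -and $products.Count -gt 0)
        Products = $products
    }
}

function Find-SecuritySoftwareDiscoveryEvents {
    # Live variant: requires Script Block Logging, which writes Event ID 4104 to
    # Microsoft-Windows-PowerShell/Operational. Properties[2] of a 4104 event is ScriptBlockText.
    Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-PowerShell/Operational'; Id = 4104 } -ErrorAction Stop |
        ForEach-Object {
            $sbt = [string]$_.Properties[2].Value
            $r = Test-SecuritySoftwareDiscovery -ScriptBlockText $sbt
            if ($r.Match) {
                [pscustomobject]@{ Time = $_.TimeCreated; Products = ($r.Products -join ','); Text = $sbt }
            }
        }
}

# Constructed sample script blocks (not real telemetry) covering a hit, an aliased hit,
# an alias that evades the rule as written, and a benign process query.
$Samples = @(
    @{ Label = 'discovery';     Text = "Get-Process | Where-Object { `$_.ProcessName -match 'MsMpEng|CSFalcon|SentinelAgent' }" },
    @{ Label = 'aliased';       Text = "gps | Where-Object { `$_.Name -like '*carbonblack*' }" },
    @{ Label = 'evasive-alias'; Text = "gps | ? { `$_.Name -like '*sophos*' }" },
    @{ Label = 'benign';        Text = "Get-Process | Where-Object { `$_.CPU -gt 100 } | Sort-Object CPU" }
)

foreach ($s in $Samples) {
    $r = Test-SecuritySoftwareDiscovery -ScriptBlockText $s.Text
    '{0,-14} match={1,-5} products={2}' -f $s.Label, $r.Match, ($r.Products -join ',')
}
```

Running the block prints one line per sample: 'discovery' and 'aliased' match, 'evasive-alias' and 'benign' do not. Two caveats follow directly from the matching logic. First, the rule is anchored on the literal 'where-object' and on process enumeration, so the same discovery done with the '?' or 'where' alias, or via 'Get-Service', 'tasklist' or a WMI query, produces no hit; treat it as one signal among several rather than full coverage of T1518.001. Second, Script Block Logging splits long scripts across several 4104 events (MessageNumber/MessageTotal), so a block where the cmdlet and the product name land in different fragments will not match per event; correlate on ScriptBlockId if that matters in your environment. Expect some false positives from administrative health-check scripts that legitimately verify that an agent process is running.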
Categories
  • Endpoint
  • Windows
Data Sources
  • Script
  • Process
ATT&CK Techniques
  • T1518.001
Created: 2021-12-16