
Summary
This rule detects potentially malicious PowerShell scripts that use the `Compress-Archive` cmdlet to zip folders and files, particularly when the archive is written to the Windows temporary directory or the user's AppData local temp directory. Malware commonly uses these locations to stage data before exfiltration: compressing sensitive data first reduces its size and makes it easier to move, so this pattern may signal an adversary's intent to exfiltrate. The rule requires that PowerShell script block logging be enabled on the monitored systems. The detection criteria match script block text that combines `Compress-Archive` with paths pointing to those temp locations.
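An added example, not the rule's own query, of how the two detection criteria above can be applied to script block log records. The temp-location patterns, the record shape and the sample script blocks are assumptions constructed for this illustration; the page does not list the rule's exact path patterns.

```python
import re

# Temp-location indicators assumed for this example (the rule's real patterns are not on the page).
COMPRESS_ARCHIVE = re.compile(r"\bCompress-Archive\b", re.IGNORECASE)
TEMP_LOCATIONS = re.compile(
    r"(?:"
    r"[A-Za-z]:\\Windows\\Temp\\"                   # C:\Windows\Temp\
    r"|\\AppData\\Local\\Temp\\"                    # ...\Users\<user>\AppData\Local\Temp\
    r"|\$env:(?:TEMP|TMP)\b"                        # $env:TEMP / $env:TMP
    r"|\[(?:System\.)?IO\.Path\]::GetTempPath\(\)"  # [IO.Path]::GetTempPath()
    r")",
    re.IGNORECASE,
)


def matches_rule(script_block: str) -> bool:
    """True when a script block both calls Compress-Archive and references a temp location."""
    return bool(COMPRESS_ARCHIVE.search(script_block)) and bool(TEMP_LOCATIONS.search(script_block))


def triage_events(events):
    """Keep only script block logging records (Event ID 4104) that match; return their record ids."""
    return [e["record_id"] for e in events if e["event_id"] == 4104 and matches_rule(e["script_block"])]


# Constructed sample records in a 4104-like shape; not real telemetry.
SAMPLE_EVENTS = [
    {"record_id": 1, "event_id": 4104,  # archive written to Desktop: no temp location, no match
     "script_block": r'Compress-Archive -Path "C:\Users\alice\Documents\reports" -DestinationPath "C:\Users\alice\Desktop\reports.zip"'},
    {"record_id": 2, "event_id": 4104,  # lower-case cmdlet, $env:TEMP destination: match
     "script_block": r'compress-archive -Path $docs -DestinationPath "$env:TEMP\out.zip" -Force'},
    {"record_id": 3, "event_id": 4104,  # C:\Windows\Temp destination: match
     "script_block": r'Compress-Archive -LiteralPath C:\Finance -DestinationPath C:\Windows\Temp\f.zip'},
    {"record_id": 4, "event_id": 4104,  # temp path but no archiving: no match
     "script_block": r'Get-ChildItem $env:TEMP | Remove-Item -Force'},
    {"record_id": 5, "event_id": 4103,  # module logging record, not a script block: ignored
     "script_block": r'Compress-Archive -Path . -DestinationPath $env:TEMP\x.zip'},
]

if __name__ == "__main__":
    print(triage_events(SAMPLE_EVENTS))  # -> [2, 3]
```

Legitimate administrative scripts also archive into temp directories, so matches are a triage signal to be enriched with the invoking user, parent process and archived source paths rather than a verdict on their own.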
Categories
- Windows
- Endpoint
- Cloud
Data Sources
- Script
- Process
ATT&CK Techniques
- T1074.001
Created: 2021-07-20