
Summary
This detection rule monitors for and alerts on attempts to disable Microsoft Defender features through PowerShell, specifically commands that change Windows Defender preferences. Invocations of `Set-MpPreference` and `Add-MpPreference` that carry parameters for turning off security features, such as real-time monitoring and archive scanning, signal potentially malicious activity, especially in environments where security controls must be strictly enforced. The rule captures the command line arguments that indicate an attempt to change Defender settings, covering both plain-text and encoded PowerShell command variants. Its logic is a set of alternatives: if any of the defined cmdlets or parameters is observed, an alert is raised. The rule is important for detecting defense evasion by adversaries who try to disable or weaken endpoint security controls before carrying out further activity.
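The following is an added worked example of the detection logic the summary describes, written here as illustration and not taken from the rule's own definition. It normalises a process command line (decoding a `-EncodedCommand` payload, which PowerShell expects as base64 of UTF-16LE text), checks for `Set-MpPreference`/`Add-MpPreference`, and reports which tampering parameters appear. Real-time monitoring and archive scanning are the two parameters the page names; the remaining parameter names are real `Set-MpPreference`/`Add-MpPreference` parameters added as assumptions, since the page does not reproduce the rule's exact list. The sample command lines are constructed, not real telemetry.

```python
import base64
import re

# Cmdlets named by the rule summary.
DEFENDER_CMDLETS = ("set-mppreference", "add-mppreference")

# Parameters that weaken Defender when set. The first two are the ones the page
# names; the others are further real parameters added here as illustration
# (assumption: the rule's exact parameter list is not reproduced on the page).
TAMPER_PARAMS = (
    "disablerealtimemonitoring",
    "disablearchivescanning",
    "disablebehaviormonitoring",
    "disableioavprotection",
    "disablescriptscanning",
    "disableblockatfirstseen",
    "disableintrusionpreventionsystem",
    "exclusionpath",  # Add-MpPreference -ExclusionPath carves out a blind spot
)

# -EncodedCommand and its common abbreviations (-e, -ec, -en, -enc). PowerShell
# also accepts any other unambiguous prefix, which this pattern does not cover.
ENCODED_RE = re.compile(
    r"(?:^|\s)-e(?:c|n|nc|ncodedcommand)?\s+([A-Za-z0-9+/=]+)", re.IGNORECASE
)

# A tamper parameter followed optionally by its value ("-Param $true" or "-Param:$true").
PARAM_RE = re.compile(
    r"-(" + "|".join(TAMPER_PARAMS) + r")\b(?:[:\s]+([^\s-][^\s]*))?"
)


def encode_command(script: str) -> str:
    """Build the base64(UTF-16LE) payload PowerShell expects after -EncodedCommand."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


def decode_encoded_command(cmdline: str):
    """Return the decoded script if the command line carries an encoded command, else None."""
    match = ENCODED_RE.search(cmdline)
    if not match:
        return None
    try:
        return base64.b64decode(match.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):  # binascii.Error is a ValueError
        return None


def normalize(cmdline: str) -> str:
    """Lowercase the command line and append any decoded script, so plain and
    encoded variants are examined by the same matching logic."""
    decoded = decode_encoded_command(cmdline)
    text = cmdline if decoded is None else cmdline + " " + decoded
    return text.lower()


def detect_defender_tamper(cmdline: str) -> dict:
    """Return {parameter: value-or-None} for each tamper parameter seen together with
    a Set-/Add-MpPreference call. An empty dict means no alert."""
    text = normalize(cmdline)
    if not any(cmdlet in text for cmdlet in DEFENDER_CMDLETS):
        return {}
    return {m.group(1): m.group(2) for m in PARAM_RE.finditer(text)}


def is_reenable(hits: dict) -> bool:
    """True when every matched parameter is explicitly set to $false/0, i.e. the
    command restores protection. Value-aware triage is an assumption added here;
    the rule as summarised alerts on the parameter regardless of its value."""
    return bool(hits) and all(v in ("$false", "0", "false") for v in hits.values())


def scan(events):
    """Run the detection over process-creation command lines and return alerts."""
    alerts = []
    for cmdline in events:
        hits = detect_defender_tamper(cmdline)
        if hits:
            alerts.append({"cmdline": cmdline, "params": hits, "reenable": is_reenable(hits)})
    return alerts


# Constructed sample command lines (not real telemetry).
SAMPLE_EVENTS = [
    "powershell.exe Set-MpPreference -DisableRealtimeMonitoring $true -DisableArchiveScanning $true",
    "powershell.exe -nop -w hidden -enc "
    + encode_command("Set-MpPreference -DisableBehaviorMonitoring $true"),
    'powershell.exe Add-MpPreference -ExclusionPath "C:\\Tools"',
    "powershell.exe Set-MpPreference -DisableRealtimeMonitoring $false",
    "powershell.exe Get-MpPreference",
]

if __name__ == "__main__":
    for alert in scan(SAMPLE_EVENTS):
        print(alert)
```

Two caveats for triage follow from the example. First, matching on parameter names alone also fires when an administrator sets `-DisableRealtimeMonitoring $false` to re-enable protection, so the value should be inspected before escalating. Second, this command-line matching does not see cmdlets assembled at run time (string concatenation, `Invoke-Expression`, or a script loaded from disk), so it should be paired with PowerShell script block logging rather than relied on alone.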
Categories
- Endpoint
- Windows
Data Sources
- Process
Created: 2022-03-03