Disable Powershell Command History

Sigma Rules

Summary
This detection rule identifies scripts or commands that disable PowerShell's command history by unloading the PSReadLine module. Detection relies on PowerShell Script Block Logging (Event ID 4104 in the Microsoft-Windows-PowerShell/Operational log), which must be enabled on the endpoint or the rule will never produce a match. The rule fires on any script block whose text contains both the strings 'Remove-Module' and 'psreadline'; Sigma string matching is case-insensitive, so 'PSReadLine' and 'psreadline' match alike. Unloading PSReadLine stops subsequent commands from being written to ConsoleHost_history.txt, but it does not delete history already saved to that file, so the behaviour is best read as an attempt to avoid leaving a command record rather than as destruction of existing evidence. Such activity is associated with defense evasion and maps to MITRE ATT&CK technique T1070.003 (Indicator Removal: Clear Command History). Expect occasional benign matches from administrators or profile scripts that deliberately unload the module; review the full script block and the surrounding session before escalating.
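The matching logic described above, as an added example in Python over constructed 4104 events; this is not the Sigma project's code or the rule's own implementation. It assumes a minimal event shape with just the event ID and the ScriptBlockText field, applies the Sigma `contains|all` semantics (every required substring present, compared case-insensitively), and restricts matching to Event ID 4104, which is what the `ps_script` log source resolves to. The sample events, including a `Set-PSReadLineOption` line that the rule as described does not cover, are constructed for illustration.

```python
"""Added example: a minimal matcher for the 'Disable Powershell Command History'
rule logic, run over constructed PowerShell Script Block Logging events.
Not the Sigma project's code."""
from dataclasses import dataclass
from typing import Iterable, List

# The rule's selection as the page describes it:
# ScriptBlockText|contains|all of these two strings.
# Sigma string comparisons are case-insensitive, so both sides are lowercased.
REQUIRED_SUBSTRINGS = ("Remove-Module", "psreadline")

# Sigma log source category ps_script maps to Event ID 4104 in
# Microsoft-Windows-PowerShell/Operational (Script Block Logging).
SCRIPT_BLOCK_EVENT_ID = 4104


@dataclass
class ScriptBlockEvent:
    """Constructed stand-in for the two fields of a 4104 event the rule needs."""
    event_id: int
    script_block_text: str


def matches_rule(event: ScriptBlockEvent) -> bool:
    """True when the event is a script block whose text contains every
    required substring (the Sigma contains|all modifier)."""
    if event.event_id != SCRIPT_BLOCK_EVENT_ID:
        return False
    text = event.script_block_text.lower()
    return all(needle.lower() in text for needle in REQUIRED_SUBSTRINGS)


def detect(events: Iterable[ScriptBlockEvent]) -> List[ScriptBlockEvent]:
    """Return the events that would raise this rule's alert."""
    return [e for e in events if matches_rule(e)]


# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    # Hit: mixed case still matches because comparison is case-insensitive.
    ScriptBlockEvent(4104, "Remove-Module -Name PSReadLine"),
    # Hit: the unload is buried in a longer block; contains|all still fires.
    ScriptBlockEvent(4104, "Remove-Module psreadline -Force; Get-ChildItem $env:APPDATA"),
    # Miss: Remove-Module of an unrelated module, only one of the two strings.
    ScriptBlockEvent(4104, "Remove-Module ActiveDirectory"),
    # Miss: a different way to stop history saving that this rule does not cover.
    ScriptBlockEvent(4104, "Set-PSReadLineOption -HistorySaveStyle SaveNothing"),
    # Miss: same text, but not a 4104 script block event (e.g. a 4103 pipeline event).
    ScriptBlockEvent(4103, "Remove-Module psreadline"),
    # Miss: loading the module, not unloading it.
    ScriptBlockEvent(4104, "Import-Module PSReadLine"),
]


if __name__ == "__main__":
    for hit in detect(SAMPLE_EVENTS):
        print(f"ALERT Disable Powershell Command History: {hit.script_block_text}")
```

The `Set-PSReadLineOption -HistorySaveStyle SaveNothing` sample is included deliberately: it achieves the same outcome (no further history written) but contains neither required string, so a detection engineer relying on this rule alone should treat that as a known gap rather than assume all history suppression is covered.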
Categories
  • Windows
  • Endpoint
Data Sources
  • Script
  • Logon Session
Created: 2022-08-21