
Summary
This detection rule identifies the use of PowerShell script obfuscation techniques, specifically the 'COMPRESS OBFUSCATION' method. It tracks PowerShell commands that use specific objects and libraries to compress script payloads: the detection logic targets the instantiation of new objects with 'new-object' alongside the .NET classes 'System.IO.Compression.DeflateStream' and 'System.IO.StreamReader'. A PowerShell command containing all of these elements signals potential malicious intent, because these components are commonly combined to obfuscate PowerShell scripts and evade security mechanisms.

The rule is designed for Windows environments and is assigned a medium severity level, reflecting the nature of its detection capabilities. It contributes to broader defensive coverage of the evasion and execution attack vectors, making it relevant to organizations that want to keep visibility on potentially harmful obfuscated scripts in their PowerShell environments.
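The matching logic described above, as an added example (not the rule's own code or its original query): it assumes the three indicator strings are matched as a case-insensitive "contains all" condition, that the events carry a ScriptBlockText field (as PowerShell script-block logging does) with RecordId and Path fields, and the sample events are constructed for illustration.

```python
# Indicator strings named by the rule on this page. Matching them as a
# case-insensitive "contains all" condition is an assumption of this example.
COMPRESS_OBFUSCATION_INDICATORS = (
    "new-object",
    "System.IO.Compression.DeflateStream",
    "System.IO.StreamReader",
)


def matches_compress_obfuscation(script_text: str) -> bool:
    """True only when every indicator appears in the text, ignoring case."""
    lowered = script_text.lower()
    return all(ind.lower() in lowered for ind in COMPRESS_OBFUSCATION_INDICATORS)


def scan_events(events, allowed_paths=()):
    """Return RecordIds of events whose ScriptBlockText matches the rule.

    allowed_paths is an optional tuning allowlist (hypothetical field 'Path'):
    known administrative scripts that legitimately decompress data can be
    excluded here instead of loosening the rule itself.
    """
    hits = []
    for event in events:
        if event.get("Path") in allowed_paths:
            continue
        if matches_compress_obfuscation(event.get("ScriptBlockText", "")):
            hits.append(event["RecordId"])
    return hits


# Constructed sample events modelled on script-block logging (field names assumed).
SAMPLE_EVENTS = [
    {"RecordId": 1, "Path": None,
     "ScriptBlockText": "Get-ChildItem C:\\Windows\\Temp | Where-Object Length -gt 1MB"},
    # All three indicators present: this is what the rule fires on.
    {"RecordId": 2, "Path": None,
     "ScriptBlockText": "$d = New-Object System.IO.Compression.DeflateStream($ms, "
                        "[IO.Compression.CompressionMode]::Decompress); "
                        "$r = New-Object System.IO.StreamReader($d)"},
    # Only StreamReader: an ordinary file read, must NOT match.
    {"RecordId": 3, "Path": None,
     "ScriptBlockText": "$r = New-Object System.IO.StreamReader('C:\\logs\\app.log')"},
    # Same pattern, different casing: still matches because matching ignores case.
    {"RecordId": 4, "Path": "C:\\Admin\\backup-restore.ps1",
     "ScriptBlockText": "new-object system.io.compression.deflatestream; "
                        "new-object system.io.streamreader"},
]

if __name__ == "__main__":
    print(scan_events(SAMPLE_EVENTS))                                          # [2, 4]
    print(scan_events(SAMPLE_EVENTS, allowed_paths=("C:\\Admin\\backup-restore.ps1",)))  # [2]
```

Event 4 shows the tuning point a practitioner will hit first: a legitimate backup script using the same classes fires the rule until its path is allowlisted.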
Categories
- Endpoint
- Windows
Data Sources
- Process
- Logon Session
- Application Log
Created: 2020-10-18