
AMSI Bypass Pattern Assembly GetType

Sigma Rules

Summary
This detection rule identifies potentially malicious PowerShell scripts that attempt to bypass the Antimalware Scan Interface (AMSI). It looks for specific code fragments that typically occur in obfuscated AMSI bypass techniques: use of the .NET reflection method '[Ref].Assembly.GetType', a call to 'SetValue($null,$true)', and the binding flags 'NonPublic,Static'. Together these are characteristic of scripts that evade detection by modifying executable code structures in memory. Because the rule inspects the logged script text, PowerShell Script Block Logging must be enabled for it to fire. The rule's high severity reflects that a successful AMSI bypass poses a significant threat to endpoint security.
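As an added illustration of the detection logic the summary describes, the following example (written for this page, not the rule's own Sigma source) requires all three fragments to appear in one Script Block Logging entry, matching case-insensitively the way Sigma string matching does. It assumes PowerShell Event ID 4104 records with a ScriptBlockText field; the sample events are constructed, and the positive cases use obvious placeholders for the type and field names.

```python
# Fragments the rule looks for; all three must appear in one script block
# (the equivalent of a Sigma "contains|all" selection). Matching is
# case-insensitive, like Sigma's default string matching.
AMSI_BYPASS_FRAGMENTS = (
    "[Ref].Assembly.GetType",
    "SetValue($null,$true)",
    "NonPublic,Static",
)


def matches_amsi_bypass_pattern(script_block_text: str) -> bool:
    """Return True when every fragment appears in the script block text."""
    haystack = script_block_text.lower()
    return all(frag.lower() in haystack for frag in AMSI_BYPASS_FRAGMENTS)


def scan_script_block_events(events):
    """Return RecordIds of Event ID 4104 entries whose ScriptBlockText matches."""
    return [
        ev["RecordId"]
        for ev in events
        if ev.get("EventId") == 4104
        and matches_amsi_bypass_pattern(ev.get("ScriptBlockText", ""))
    ]


# Constructed sample events (not real telemetry). PLACEHOLDER names stand in
# for the type and field an actual bypass would reference.
SAMPLE_EVENTS = [
    {"RecordId": 1, "EventId": 4104,
     "ScriptBlockText": "Get-ChildItem C:\\Temp | Where-Object { $_.Length -gt 1MB }"},
    {"RecordId": 2, "EventId": 4104,
     "ScriptBlockText": "[Ref].Assembly.GetType('PLACEHOLDER.TypeName')"
                        ".GetField('PLACEHOLDERFIELD','NonPublic,Static')"
                        ".SetValue($null,$true)"},
    # Reflection that only resolves a type: two of three fragments absent
    {"RecordId": 3, "EventId": 4104,
     "ScriptBlockText": "[Ref].Assembly.GetType('System.Management.Automation.PSObject')"},
    # Same content in different letter case: still detected
    {"RecordId": 4, "EventId": 4104,
     "ScriptBlockText": "[ref].assembly.gettype('PLACEHOLDER.TypeName')"
                        ".getfield('PLACEHOLDERFIELD','nonpublic,static')"
                        ".setvalue($null,$true)"},
]

if __name__ == "__main__":
    print(scan_script_block_events(SAMPLE_EVENTS))  # [2, 4]
```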
Categories
  • Windows
  • Endpoint
Data Sources
  • Script
  • Application Log
Created: 2022-11-09