Vendor
This rule identifies instances where the PowerShell engine is loaded by processes other than powershell.exe, potentially indicating attackers attempting to use PowerShell functionality stealthily by using the underlying System.Management.Automation namespace and bypassing PowerShell security features.