((Image:\\powershell.exe OR Image:\\pwsh.exe OR Image:\\reg.exe) OR (OriginalFileName:PowerShell.EXE OR OriginalFileName:pwsh.dll OR OriginalFileName:reg.exe)) (CommandLine:add\ * OR CommandLine:New\-ItemProperty\ * OR CommandLine:Set\-ItemProperty\ * OR CommandLine:si\ *) (CommandLine:\\Control\\CI\\Config* CommandLine:VulnerableDriverBlocklistEnable*)