import re


def rule(event):
    if all(
        [
            any(
                [
                    "get-process | \\?" in event.deep_get("ScriptBlockText", default=""),
                    "get-process | where" in event.deep_get("ScriptBlockText", default=""),
                    "gps | \\?" in event.deep_get("ScriptBlockText", default=""),
                    "gps | where" in event.deep_get("ScriptBlockText", default=""),
                ]
            ),
            any(
                [
                    "Company -like" in event.deep_get("ScriptBlockText", default=""),
                    "Description -like" in event.deep_get("ScriptBlockText", default=""),
                    "Name -like" in event.deep_get("ScriptBlockText", default=""),
                    "Path -like" in event.deep_get("ScriptBlockText", default=""),
                    "Product -like" in event.deep_get("ScriptBlockText", default=""),
                ]
            ),
            any(
                [
                    re.match(r"^.*\\.*avira\\.*.*$", event.deep_get("ScriptBlockText", default="")),
                    re.match(
                        r"^.*\\.*carbonblack\\.*.*$", event.deep_get("ScriptBlockText", default="")
                    ),
                    re.match(
                        r"^.*\\.*cylance\\.*.*$", event.deep_get("ScriptBlockText", default="")
                    ),
                    re.match(
                        r"^.*\\.*defender\\.*.*$", event.deep_get("ScriptBlockText", default="")
                    ),
                    re.match(
                        r"^.*\\.*kaspersky\\.*.*$", event.deep_get("ScriptBlockText", default="")
                    ),
                    re.match(
                        r"^.*\\.*malware\\.*.*$", event.deep_get("ScriptBlockText", default="")
                    ),
                    re.match(
                        r"^.*\\.*sentinel\\.*.*$", event.deep_get("ScriptBlockText", default="")
                    ),
                    re.match(
                        r"^.*\\.*symantec\\.*.*$", event.deep_get("ScriptBlockText", default="")
                    ),
                    re.match(r"^.*\\.*virus\\.*.*$", event.deep_get("ScriptBlockText", default="")),
                ]
            ),
        ]
    ):
        return True
    return False
