diff --git a/rules/windows/powershell/powershell_script/powershell_windows_firewall_disabled.yml b/rules/windows/powershell/powershell_script/powershell_windows_firewall_disabled.yml
new file mode 100644
index 000000000..3d3a596b1
--- /dev/null
+++ b/rules/windows/powershell/powershell_script/powershell_windows_firewall_disabled.yml
@@ -0,0 +1,27 @@
+title: Windows Firewall Profile Disabled
+id: 488b44e7-3781-4a71-888d-c95abfacf44d
+description: Detects when a user disables the Windows Firewall via a Profile to help evade defense.
+status: experimental
+author: Austin Songer @austinsonger
+date: 2021/10/12
+references:
+- https://docs.microsoft.com/en-us/powershell/module/netsecurity/set-netfirewallprofile?view=windowsserver2019-ps
+- https://www.tutorialspoint.com/how-to-get-windows-firewall-profile-settings-using-powershell
+- http://powershellhelp.space/commands/set-netfirewallrule-psv5.php
+- http://woshub.com/manage-windows-firewall-powershell/
+logsource:
+    product: windows
+    service: powershell
+detection:
+    selection:
+        CommandLine|contains|all:
+            - Set-NetFirewallProfile
+            - -Profile
+            - -Enabled
+            - 'False'
+    condition: selection
+tags:
+- attack.defense_evasion
+level: high
+falsepositives:
+- Unknown
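Review bot: The selection matches on `CommandLine`, but with `service: powershell` the events this rule would run against are script-block logs (Event ID 4104) whose Sigma field is `ScriptBlockText`, so as written the rule likely never fires; the file lives under `powershell_script`, which suggests the intended source is the script-block category, i.e. `category: ps_script` in logsource and `ScriptBlockText|contains|all:` in the selection. The `contains|all` on the separate tokens `-Enabled` and `'False'` does not require them to be adjacent, so a command that keeps the profile enabled but sets some other parameter to False is matched too, while `Set-NetFirewallProfile -All -Enabled False` (the documented `-All` switch, no `-Profile`) is not; matching on the contiguous string `-Enabled False` and listing `-All` alongside `-Profile` in a second selection would tighten both sides. `falsepositives: Unknown` could be replaced with the obvious administrative case, e.g. `- Administrators or configuration scripts that disable a firewall profile on purpose`, since the rule is `level: high`.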