diff --git a/rules/windows/powershell/powershell_script/posh_ps_detect_vm_env.yml b/rules/windows/powershell/powershell_script/posh_ps_detect_vm_env.yml
index 331b1d12e..8ec1bdb03 100644
--- a/rules/windows/powershell/powershell_script/posh_ps_detect_vm_env.yml
+++ b/rules/windows/powershell/powershell_script/posh_ps_detect_vm_env.yml
@@ -17,7 +17,9 @@ logsource:
 definition: EnableScriptBlockLogging must be set to enable
 detection:
 selection_action:
- ScriptBlockText|contains: Get-WmiObject
+ ScriptBlockText|contains:
+ - Get-WmiObject
+ - gwmi
 selection_module:
 ScriptBlockText|contains:
 - MSAcpi_ThermalZoneTemperature
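Review bot: The `selection_action` list still matches only the WMI cmdlet and its alias, so a script block that reads the same class through the CIM cmdlets would not satisfy it; adding `- Get-CimInstance` and `- gcim` to the list would close that gap. The bare `gwmi` value is a short substring and Sigma `contains` matching is case-insensitive, so it can hit inside unrelated identifiers or comments. That is acceptable only if the rule's condition, which is not visible in this hunk, also requires `selection_module`, and a comment such as `# short alias; relies on selection_module to limit false positives` above the entry would record the dependency. The `selection_module` list and the rest of the detection block continue outside the hunk.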