Hi @mwrock, some EDRs detect malicious activity with the command
powershell.exe -executionpolicy bypass -NoProfile -File .\test.ps1
I understand that just removing -executionpolicy bypass throws an error with the Windows default configuration, but I propose this change:
powershell.exe -noprofile -noninteractive -Command { Get-Content .\test.ps1 | iex }
Do you think that this approach seems correct?