Detection method scripts should run with -File
Currently, application detection method scripts are ran in such a way that it causes issues with certain levels of PowerShell Constrained Language Mode. An example of how scripts are run is below.
"C:\WINDOWS\system32\WindowsPowerShell\v1.0\PowerShell.exe" -NoLogo -Noninteractive -NoProfile -ExecutionPolicy Bypass "& 'C:\WINDOWS\CCM\SystemTemp\11a53fac-8144-438e-aa01-6d2378be848b.ps1'"
To better allow detection method scripts to be ran under Constrained Language mode, the script should be ran with -File instead of with the call operator &.
With the current configuration it is not possible to use PowerShell based detection methods in some scenarios, reducing their usefulness.
See this idea for more info. https://ideas.patchmypc.com/ideas/PATCHMYPC-I-440