I've seen a few posts already about this but nothing in recent years. I've turned on Application policy to try an prevent misuse of PowerShell and other tools. However its raised a large number of regular (hourly) alerts on most of the endpoints. Suggests to me that these are legitimate calls. Maybe application update checks? I've removed Powershell from he policy for now because I can't tell what is causing these calls.
I assume I'm not the only one having this problem so are people generally excluding Powershell from the policy?
This thread was automatically locked due to age.