We would like to use Exploit Prevention for Powershell attacks. Exploit Preventions offers multiple signatures which can be used to monitor or block the usage of powershell (e.g. 6070 - Hidden Powershell Detected or 6073 Execution Policy Bypass in PowerShell) We've enabled Exploit Prevention and put the signatures 6070 and 6073 in report mode. After a while we analyzed the events. Unfortunaltey there were many false alarms and now we would like to know if we can define exlusions for specific use cases: 1. Exploit Prevention must not block "start.ps1": C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle hidden -ExecutionPolicy bypass -NonInteractive -File C:\scripts\windows\Start.ps1 2. Exploit Prevention must not block the following command for AppV: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NonInteractive -WindowStyle Hidden -ExecutionPolicy RemoteSigned -Command &{$env:psmodulepath = [IO.Directory]::GetCurrentDirectory(); import-module AppvClient; Sync-AppvPublishingServer 1 -Glo