There is a known issue in currently available versions of ENS 10.6.1 where Exploit Prevention exclusions are not working properly with signer details. This issue will be addressed in upcoming ENS 10.6.1 December Update. I recommend you wait for mentioned release and test your EP Exclusion again.
The issue I'm describing is not related to the bug as I see, but with the capability of the product to fulfill specific use case. I can see exploit prevention policy exclusions section tool allows to create exceptions based on process name and signer and by caller module name and signer. In this rule case, process is powershell.exe and there is no caller module. So signing our internal scripts in order to trust those and exclude from exploit prevention rules triggers is not capability of current product. Or I miss something?