We recently started having security warnings from our SIEM about changes made to powershell execution policy . Upon further investigation we discovered that the autoconfiguration for AppInsight runs : Set-ExecutionPolicy Unrestricted -force even do we have the execution policy set to Remote signed witch according to Solarwinds documentation is enough to run AppInsight.
I opened Case # - 00352201 believing this is a bugg of SAM 6.8 and this is the respons i got : "By design, this Powershell command is executed during AppInsight for IIS configuration - it is required to run Powershell scripts used for IIS monitoring."
This information is not present in any Solarwinds documentation and the command was not run in version before SAM 6.8 .
Has anyone else notice this ?
