Powershell [ wikipedia[.]org/wiki/PowerShell ] has become a lot more important to Microsoft & Windows -- right click the Start Button in new versions of 10, & Powershell has replaced the Command Prompt options in the context menu.
Powershell runs both scripts and commands, can change lots & lots of things regarding Windows, and it looks like it's well on its way to becoming the preferred way for some advanced cybercriminals to hide from security software [e.g. Powershell scripts can be stored in the registry, so no files], plus they can take control of a system using Windows utilities & software that may not raise any alarms. A recent find exists entirely in memory.
Windows 10 uses Powershell v.5, & version 5's now also available for 7 & 8 as an update (KB3134760). While Powershell is written about a lot by 3rd parties, e.g. IT folks, Microsoft has surprisingly little published on it. One of version 5's features is support for different language modes -- for security there's only one mode of real interest, Constrained mode, which I've read was introduced in Powershell v.3.
While it can be gotten around [turned off], Constrained mode basically tells Powershell not to ever run a bunch of commands that might be used by a cybercriminal &/or their malware. And it's something folks from Microsoft recommend, at least for now -- it might turn out that once this becomes well known, getting around the Contrained mode setting becomes standard operating procedure.
The simplest way I found to set Powershell to Contrained mode is to 1st start Powershell, running it as admin., then copy/paste the following at the Powershell command prompt & hit Enter. [In 10 Powershell is in the Start Menu next to other Windows groups, & in 7 it's under Accessories.]
[Environment]::SetEnvironmentVariable('__PSLockdownPolicy', '4', 'Machine')
When it works you'll see the following key in the registry -- I don't know if just adding that value to the registry would work [deleting that value allegedly removes Contrained mode, so it might].
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment]
"__PSLockdownPolicy"="4"
The potential downside is that for some folks, e.g. those using the PC/laptop in a corp. environment, some innocent Powershell scripts written by IT staff could also be blocked.