In Symantec Endpoint Protection (SEP), alerts are appearing for PowerShell.exe with the status "Access Denied" and "Process blocked".
System Settings: Registry key: microsoft.powershell
Recommendation: This item should be removed.
Associated Items:
RegistryValue HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell\"ExecutionPolicy"
The registry entry is considered a threat and may be malicious in nature. It is recommended to deploy a script that deletes the registry entry, such as:
Command script:
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell\<name of the key you find>" /f
PowerShell script:
Remove-Item -Path "HKLM:\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell\<name of the key you find>" -Force -Verbose
For many systems receiving these alerts, deploy via a GPO login script or management software such as Microsoft SCCM.
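The same removal written as a logged, re-runnable script suitable for a GPO login script or SCCM package. This is an added example, not from the Symantec article: it targets the "ExecutionPolicy" value named in the alert rather than a whole key, and the log file path is an assumption.

```powershell
# Added example (not from the Symantec article): record the flagged value before
# removing it, so the previous machine-scope setting is available for rollback
# or investigation. Assumes the value is the one named in the alert.
$keyPath   = 'HKLM:\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell'
$valueName = 'ExecutionPolicy'
$logFile   = 'C:\ProgramData\SEP-ExecutionPolicy-Cleanup.log'   # assumed log location

function Write-CleanupLog([string]$Message) {
    "$(Get-Date -Format o)  $Message" | Add-Content -Path $logFile
}

function Remove-FlaggedExecutionPolicyValue {
    # Safe to run repeatedly: exit quietly when the key or value is already gone.
    if (-not (Test-Path -Path $keyPath)) {
        Write-CleanupLog "key not present: $keyPath"
        return
    }
    $item = Get-ItemProperty -Path $keyPath -ErrorAction SilentlyContinue
    if ($null -eq $item -or -not ($item.PSObject.Properties.Name -contains $valueName)) {
        Write-CleanupLog "value '$valueName' not present under $keyPath"
        return
    }

    # Keep the old value: a LocalMachine policy may have been set on purpose
    # with Set-ExecutionPolicy, and the log lets an admin restore it if needed.
    $previous = $item.$valueName
    Write-CleanupLog "removing '$valueName' from $keyPath (was: $previous)"

    Remove-ItemProperty -Path $keyPath -Name $valueName -Force -Verbose

    # Log the effective policy per scope after removal; with no LocalMachine
    # value Windows falls back to the default for the OS edition.
    Get-ExecutionPolicy -List | ForEach-Object {
        Write-CleanupLog "$($_.Scope) = $($_.ExecutionPolicy)"
    }
}

Remove-FlaggedExecutionPolicyValue
```

Run it from an elevated session (or as SYSTEM via GPO/SCCM), since writing under HKLM requires administrative rights.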