After deploying Threat Defense for Active Directory (TDAD), PowerShell obfuscation is not working well. From cmd.exe it is showing the expected objects based on the obfuscation factor.
Release : SES Complete 14.3 RU6+ with TDAD
Enable Legacy .NET Obfuscation is toggled on in the TDAD policy.
Legacy .NET Obfuscation forces a compatibility mode which does not mask for as many commands. Disable this option in the Advanced Options section of the TDAD policy and apply it, to have the latest protection.
Note: Agents older than 14.3 RU6 have a more limited scope of supported obfuscation. Please ensure the agent is running 14.3 RU6 or greater for the best TDAD protection.