We import all the system logs including PowerShell logs into a seim solution that's based on $/GB but both sccm and scom run powershell scripts that get detected as malware which is overwhelming our storage and increasing costs.  I think there are many different way to resolve this not sure which is best but was wondering if there was a way to manipulate these detections via the AMSI within defender?

thanks