I want it not to block PowerShell, but to alert upon execution.
Why? Because maybe PowerShell -- or another process -- will be abused by an exploit to make certain system changes such as modifying the registry, or loading DLLs, or disabling all security softs from startup. These are changes that, as far as I understand, do not necessarily require executing a second process, so they won't be blocked or alerted, as things stand now.
Once you take away the isolation, you become vulnerable to this kind of thing.
Please correct me if I am out to lunch on this issue.