AMSI Bypass Redux

Microsoft has changed the way AMSI handles PowerShell sessions, so our original bypass technique now fails to operate with the update. The Microsoft update changed AMSI so that PowerShell no longer uses the AmsiScanString function when scanning user inputs. In this blog post, we explore the changes to AMSI and attempt to modify our previous bypass to work with the new version of PowerShell. We converted the native unmanaged DLL code (that performs the memory patching) to simple C# code that can be loaded by using the Add-Type cmdlet.

Source: https://www.cyberark.com/resources/threat-research-blog/amsi-bypass-redux
