We might see errors somewhat like below in AntiVirus :

Event type: Process action blocked
Component: Adaptive Anomaly Control
Rule name: PowerShell executes obfuscated code
Source process: c:\windows\system32\windowspowershell\v1.0\powershell.exe

Application : "C:\Program Files\Citrix\Secure Access Client\nsverctl.exe" "powershell.exe" "-Command $version='1.0.0.0' $application='CitrixVPN' $path=[Environment]::GetFolderPath('CommonApplicationData')

we can disable the behaviour by creating the following registry keys in the client machine or you can push them through GPO:

Registry Path : Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\Secure Access Client

Registry Name : DisableIntuneDeviceEnrollment

Registry Type : REG_DWORD

Registry Value : 1

Note : After the creation of the registry, the user is requested to restart the client machine for changes to take effect and then connect to the VPN.

 

Disclaimer

Caution! Using Registry Editor incorrectly can cause serious problems that might require you to reinstall your operating system. Citrix cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk. Be sure to back up the registry before you edit it.

Problem Cause

The PowerShell prompts are coming because of intune functionality with Citrix Gateway plugin,

There is already an enhancement in place to make the option configurable, the enhancement ID is NSHELP-21845.