There are a lot of security alerts for "Powershell DownloadString" for Chocolatey installer. Is there a way to whitelist that alert keeping in mind that there was a recent attack - "Serpent Backdoor Slithers into Orgs Using Chocolatey Installer".
Ref links:
https://threatpost.com/serpent-backdoor-chocolatey-installer/179027/