The "start-service"/"stop-service" commands will not be captured by the sensor if they are run within the shell. All that PowerShell is doing is asking services.exe to start/stop a service on its behalf. The start or stop of the service process will be recorded, but what is typed in PowerShell will not.
"Services" have special status in Windows. The lifetime of a service is managed by the service manager. The service manager itself (services.exe) is a pretty critical piece of Windows. It starts very early in the boot process, before Response or any other security product. The Response sensor doesn't get a "process start" for services.exe for this reason. Also, services.exe is very long-lived: it never stops until the machine itself stops.
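
One way to recover what was typed in the shell, shown here as an added example that is not part of the original text: PowerShell script block logging writes command text to event 4104 in the Microsoft-Windows-PowerShell/Operational log, which can be searched for the service cmdlets. It assumes script block logging is enabled through machine policy; the function names and the search pattern are made up for this example.

```powershell
# Added example (not from the original page). Searches PowerShell script block
# logs (event 4104) for service cmdlets typed or run in a PowerShell session.
# Assumption: script block logging is enabled via machine policy.

function Test-ScriptBlockLoggingEnabled {
    # Machine-wide policy location for script block logging.
    $key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging'
    $value = Get-ItemProperty -Path $key -Name EnableScriptBlockLogging -ErrorAction SilentlyContinue
    return ($null -ne $value -and $value.EnableScriptBlockLogging -eq 1)
}

function Find-ServiceCmdletUse {
    param(
        [datetime]$Since = (Get-Date).AddDays(-1),
        # Cmdlet names plus the built-in aliases sasv (Start-Service) and spsv (Stop-Service).
        [string]$Pattern = '\b((Start|Stop|Restart)-Service|sasv|spsv)\b'
    )
    $filter = @{
        LogName   = 'Microsoft-Windows-PowerShell/Operational'
        Id        = 4104
        StartTime = $Since
    }
    # Get-WinEvent raises an error when nothing matches; treat that as "no results".
    $events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue
    foreach ($e in $events) {
        # 4104 properties: 0=MessageNumber, 1=MessageTotal, 2=ScriptBlockText,
        # 3=ScriptBlockId, 4=Path (empty for interactive input).
        $text = [string]$e.Properties[2].Value
        if ($text -match $Pattern) {   # -match is case-insensitive
            [pscustomobject]@{
                TimeCreated   = $e.TimeCreated
                UserSid       = $e.UserId
                ProcessId     = $e.ProcessId   # PID of the PowerShell host that ran the block
                ScriptBlockId = $e.Properties[3].Value
                ScriptPath    = $e.Properties[4].Value
                ScriptText    = $text.Trim()
            }
        }
    }
}

if (-not (Test-ScriptBlockLoggingEnabled)) {
    Write-Warning 'Script block logging policy is not enabled; 4104 events may be missing.'
}
Find-ServiceCmdletUse | Sort-Object TimeCreated | Format-List
```

The ProcessId in each result is the PowerShell host process, which can be matched against the process start the sensor did record for that shell.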