That is true for the reg tweak mentioned in one of the previous posts, but not true when someone uses Applocker or Device Guard. However, I am not a fan of the above logic.
If the malware runs elevated, then the game is over. You cannot rely on such system and it does not matter if the malware bypassed Constrained Language mode or not.
Building security based on the assumption that malware can run elevated is a very complicated task and probably impossible to achieve in practice.
The user should concentrate on not allowing the malware to run or as a backup solution, allow the malware to run restricted with possibly low rigths (not elevated).
That is the purpose of Applocker, Device Guard, AppContainer, SRP, AppGuard, Comodo Firewall, Excubits drivers, VoodooShield, NVT ERP, using SUA, using PowerShell Constrained Language mode, etc.
Actually, Constrained Language mode can stop almost all dangerous PowerShell attacks. It can be bypassed, but this would be unnecessary effort, because almost no one uses it (at present moment).