Powershell warning in logs

Dominique DUCHEMIN 831 Reputation points
2021-11-04T02:40:38.333+00:00

Hello,

When I check the Application and Services Logs > Microsoft > Windows > PowerShell > Operational, I noticed that every hour I have a group of 70 events 4104 starting with this one:
"
Creating Scriptblock text (1 of 1):

requires -version 3.0

try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { }

$script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module

$script:ClassName = 'root/StandardCimv2/MSFT_NetCompartment'
$script:ClassVersion = '1.0.0'
$script:ModuleVersion = '1.0'
$script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter]

$script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new()

Microsoft.PowerShell.Core\Export-ModuleMember -Function @()

function __cmdletization_BindCommonParameters
{
param(
$__cmdletization_objectModelWrapper,
$myPSBoundParameters
)

    if ($myPSBoundParameters.ContainsKey('CimSession')) { 
        $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] 
    }


    if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { 
        $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] 
    }


    if ($myPSBoundParameters.ContainsKey('AsJob')) { 
        $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] 
    }

}

function Get-NetCompartment
{
[CmdletBinding(DefaultParameterSetName='Query (cdxml)', PositionalBinding=$false)]

[OutputType([Microsoft.Management.Infrastructure.CimInstance])]

[OutputType('Microsoft.Management.Infrastructure.CimInstance#root/StandardCimv2/MSFT_NetCompartment')]

param(

[Parameter(ParameterSetName='Query (cdxml)')]
[ValidateNotNull()]
[uint32[]]
${CompartmentId},

[Parameter(ParameterSetName='Query (cdxml)')]
[Alias('Session')]
[ValidateNotNullOrEmpty()]
[CimSession[]]
${CimSession},

[Parameter(ParameterSetName='Query (cdxml)')]
[int]
${ThrottleLimit},

[Parameter(ParameterSetName='Query (cdxml)')]
[switch]
${AsJob})

DynamicParam {
    try 
    {
        if (-not $__cmdletization_exceptionHasBeenThrown)
        {
            $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new()
            $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData)

            if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters])
            {
                ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters()
            }
        }
    }
    catch
    {
        $__cmdletization_exceptionHasBeenThrown = $true
        throw
    }
}

Begin {
    $__cmdletization_exceptionHasBeenThrown = $false
    try 
    {
        __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters
        $__cmdletization_objectModelWrapper.BeginProcessing()
    }
    catch
    {
        $__cmdletization_exceptionHasBeenThrown = $true
        throw
    }
}


Process {
    try 
    {
        if (-not $__cmdletization_exceptionHasBeenThrown)
        {
$__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder()
if ($PSBoundParameters.ContainsKey('CompartmentId') -and (@('Query (cdxml)') -contains $PSCmdlet.ParameterSetName )) {
    $__cmdletization_values = @(${CompartmentId})
    $__cmdletization_queryBuilder.FilterByProperty('CompartmentId', $__cmdletization_values, $false, 'Default')
}


$__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder)
        }
    }
    catch
    {
        $__cmdletization_exceptionHasBeenThrown = $true
        throw
    }
}


End {
    try
    {
        if (-not $__cmdletization_exceptionHasBeenThrown)
        {
            $__cmdletization_objectModelWrapper.EndProcessing()
        }
    }
    catch
    {
        throw
    }
}

# .EXTERNALHELP MSFT_NetCompartment.cdxml-Help.xml

}
Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Get-NetCompartment' -Alias '*'

ScriptBlock ID: c7c6be14-62a6-4119-940f-a4f9416cebc4
Path:
"

What are these PowerShell scripts doing? Where were they launched? Is it a system task? Were they launched manually?

Thanks,
Dom

Microsoft Security | Intune | Configuration Manager | Other

2 answers

  1. AllenLiu-MSFT 49,316 Reputation points Microsoft External Staff
    2021-11-05T07:38:17.69+00:00

    Hi, @Dominique DUCHEMIN
    Thank you for posting in Microsoft Q&A forum.

    According to your last thread, it seems the scripts are launched when you run CMPivot on a machine that is offline.
    The script is hard to read; did you get any response from the Premier Support engineer?



  2. JamesBacon 0 Reputation points
    2023-09-22T01:05:09.28+00:00

    Did you ever find out what these were? On every startup of my PC, I have these Event 4104 logs in PowerShell/Operational, but I can't view previous ones very far, since the oldest logs get deleted with every 2nd startup.

    I believe the time matches with whenever I reach the sign-in screen, and there's just a bunch of Event 4104 logs in Event Viewer, similar to yours in nature.

    Other 4104 events have Parameters like "ByName, ByLabel, ByPath, ByTargetPort, ByStorage" etc.

    Others have words like InputObject, ExportModule, system.string, SystemUInt32 and 64, queryBuilder, methodInvocation, PassThru, containsKey (PartitionNumber), bject (cdxml) etc.

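One way to triage the bursts of 4104 events described in this thread, as an added example that is not part of the original posts: group the records by ScriptBlock ID, note which process logged them, and list the functions each block defines. The script block quoted in the question references `Cmdletization.Cim.CimCmdletAdapter` and a `.cdxml` help file, which is the shape of a wrapper module generated from a CDXML cmdlet definition, so the example flags that pattern. The function name `Get-ScriptBlockSummary` is hypothetical, and the sample record (time, PID, level) is constructed; only the ScriptBlock ID and script lines come from the question.

```powershell
# Added example: summarise Event ID 4104 records per ScriptBlock ID.
function Get-ScriptBlockSummary {
    param([Parameter(Mandatory, ValueFromPipeline)] $Record)
    begin { $parts = @{} }
    process {
        # 4104 payload order: MessageNumber, MessageTotal, ScriptBlockText, ScriptBlockId, Path
        $id = [string]$Record.Properties[3].Value
        if (-not $parts.ContainsKey($id)) { $parts[$id] = [System.Collections.Generic.List[object]]::new() }
        $parts[$id].Add($Record)
    }
    end {
        foreach ($id in $parts.Keys) {
            # Large scripts are split over several events; rejoin them in order.
            $ordered = @($parts[$id] | Sort-Object { [int]$_.Properties[0].Value })
            $text    = -join ($ordered | ForEach-Object { $_.Properties[2].Value })
            [pscustomobject]@{
                ScriptBlockId = $id
                TimeCreated   = $ordered[0].TimeCreated
                ProcessId     = $ordered[0].ProcessId   # PID of the process that logged the event
                Level         = $ordered[0].LevelDisplayName
                Path          = [string]$ordered[0].Properties[4].Value
                Functions     = [regex]::Matches($text, '(?m)^\s*function\s+([\w-]+)') |
                                    ForEach-Object { $_.Groups[1].Value }
                CimClass      = if ($text -match "\`$script:ClassName\s*=\s*'([^']+)'") { $Matches[1] }
                IsCdxmlProxy  = $text -match 'Cmdletization\.Cim\.CimCmdletAdapter'
            }
        }
    }
}

# Constructed sample record; the script lines and ScriptBlock ID are taken from the question.
$text = @'
$script:ClassName = 'root/StandardCimv2/MSFT_NetCompartment'
$script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter]
function Get-NetCompartment
{
}
'@
$sample = [pscustomobject]@{
    TimeCreated = [datetime]'2021-11-04T02:00:00'; ProcessId = 4242; LevelDisplayName = 'Warning'
    Properties  = @(1, 1, $text, 'c7c6be14-62a6-4119-940f-a4f9416cebc4', '') |
                      ForEach-Object { [pscustomobject]@{ Value = $_ } }
}
$sample | Get-ScriptBlockSummary | Format-List

# Live use on a Windows host:
#   Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-PowerShell/Operational'; Id = 4104 } |
#       Get-ScriptBlockSummary | Sort-Object TimeCreated
```

The `ProcessId` column can be matched against process-creation records from the same minute (Security event 4688 or Sysmon event 1, if either is collected) to see which parent process or scheduled task started the PowerShell host.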