Just finalising this....
I confirmed it is a bad implementation of this WMI class by Microsoft.
For 1.5.3 I have added an option to audit_windows.vbs called win32_product. It is set to "n" by default and will not query the win32_product WMI method.
I haven't found (in my limited tests) any software returned by this query that is not also returned by one of the other methods.
FWIW - This will likely speed up the scan as well. No more Windows checking / rebuilding packages... Also no more EventID 1035 in the event log. And less of a performance hit as a result.
Looks like nothing lost and much gained by turning off this query
For more details, background and referenced links, check here - [url]https://support.opmantek.com/browse/OA-52[/url].