Since I implemented WHD, I am noticing on several computers that the event logs are full of event ID 1035. This is the result of a WMI query against Win32_Product. This query causes hundreds of event log entries daily, indicating "Windows Installer reconfigured the product". It is affecting machine performance in some instances.
The timeline of these occurrences roughly aligns with my WHD implementation, so I am wondering if the WMI-based asset discovery tool runs this query as it collects information on installed apps, etc. Does anyone have any feedback on this, or any pointers on how to determine the source of this query?
Per MS documentation on this topic... thanks in advance.
Win32_product Class is not query optimized. Queries such as “select * from Win32_Product where (name like 'Sniffer%')” require WMI to use the MSI provider to enumerate all of the installed products and then parse the full list sequentially to handle the “where” clause. This process also initiates a consistency check of packages installed, verifying and repairing the install.
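One way to narrow down the source, as an added example that is not part of the original post: because a Win32_Product query makes the MSI provider touch every installed product, the resulting event ID 1035 entries arrive in bursts, and each entry records the account it ran under. The sketch below groups the last day's entries by minute and account; the one-day look-back window and the `Resolve-Sid` helper name are assumptions chosen for illustration.

```powershell
# Added example: summarize MsiInstaller event 1035 bursts by minute and account.
# Run in an elevated PowerShell session on an affected machine.

$since = (Get-Date).AddDays(-1)   # assumed look-back window; adjust as needed

$events = Get-WinEvent -FilterHashtable @{
    LogName      = 'Application'
    ProviderName = 'MsiInstaller'
    Id           = 1035
    StartTime    = $since
} -ErrorAction SilentlyContinue

# Hypothetical helper: turn the event's SID into DOMAIN\account when possible.
function Resolve-Sid {
    param($Sid)
    if (-not $Sid) { return '(none)' }
    try   { $Sid.Translate([System.Security.Principal.NTAccount]).Value }
    catch { $Sid.Value }   # unresolvable SID (e.g. deleted account): show raw SID
}

$events |
    Group-Object { '{0:yyyy-MM-dd HH:mm}|{1}' -f $_.TimeCreated, $_.UserId } |
    ForEach-Object {
        $first = $_.Group[0]
        [pscustomobject]@{
            Minute  = $first.TimeCreated.ToString('yyyy-MM-dd HH:mm')
            Account = Resolve-Sid $first.UserId
            Events  = $_.Count
        }
    } |
    Sort-Object Minute |
    Format-Table -AutoSize
```

A minute in which a single account accounts for roughly one entry per installed product is consistent with a full Win32_Product enumeration; that account and the times of the bursts can then be compared with the credentials and scan schedule configured for the discovery tool.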