Forum Discussion
Do you have SPSE enabled? If that is enabled, the collector will stream PowerShell scripts directly to 3 or so always-running PowerShell instances, at least in my testing. That would cause it to not show creds in the command line. It does cause it to write the script as-is to a ps1 file in the agent tmp folder (always does). It also might cause a problem with these long-running PowerShell instances using up RAM though. Something we have run into.
P.S. I personally don't like how the collector writes scripts to files/logs already (with creds/properties baked in). I think it's much easier to get creds from files directly without much effort, less than digging into RAM (which already requires process and/or admin-level permissions in Windows). Then again, I'm more sensitive about this since, as an MSP, I don't have full control over the collector systems themselves. I try to use Groovy because of this :)