Can someone verify that you are able to see powershell_events or powershell script block logging from windows_events with master or experimental branches?

yes that seems to be case. Tried with the latest windows pkg shared by @theopolis for windows in the core channel today. Even with

disable_events=true

we get windows_events and not powershell events. with

disable_events=false

we get both. Provided script logging for powershell is enabled as well.

This sounds dangerous. Even if events are disabled they are still occurring?

aah my bad, the flag part seems to working fine. i think i mixed up verifying 2 flagsfile.

thanks @manu