First unsub was the anti-virus software. But further investigation showed it wasn’t the case here. So time to take a deeper look. So the server group took over since I stated the SCOM R2 Agent wasn’t the cause here but something on the server platform itself.
After a some time they came back and reported that they found a DEP issue: it was set in a restricted mode, allowing only certain processes. This setting wasn’t default so they corrected it. After the reboot of the server the SCOM Agent run like clockwork again.
So whenever you bump into a server which experiences issues with running scripts coming from SCOM MPs and the OpsMgr eventlog is almost yellow with many EventIDs 21405, check DEP on that server. It might be the culprit.