Mercury415
New member | Level 2
6 years ago

Does Dropbox Run Powershell Commands?

Hello,

Our endpoint software picked up Dropbox running this command - C:\WINDOWS\System32\WindowsPowerShell\v1.0\powershell "Get-AppxPackage C27EB4BA.DropboxOEM | Remove-AppxPackage"

I saw the exact command in another forum and the user said that Dropbox uses it for updates. Can anyone confirm this? Is there somewhere online with more information on the powershell commands that Dropbox uses?

  • Ross_S
    Dropbox Staff

    Hi there,

    Yes, this looks expected, we call that when we uninstall the DropboxOEM. You'll only see this on Windows 10 as it relates to the UWP version of our app.

    Via PowerShell we're uninstalling the DropboxOEM from system level so that it does not get installed again. This effectively cancels scheduled installation of DropboxOEM.

    There shouldn't be anything to be worried about here, this is acting as designed.

    Hope this helps!

     

    • khogan
      New member | Level 2

      This is so bad in the day and age in which companies are using products like Cylance to block scripts, specifically PowerShell from C:\WINDOWS\System32\WindowsPowerShell\v1.0\powershell

  • Jane
    Dropbox Staff
    Hey Mercury415, let me forward your inquiry to a team specialist in the form of a question. To get going with that, I’ve sent you a brief message on the email address connected to your Community profile.
     
    Whenever you have some spare time, please have a look at your inbox for my message & I’ll make sure to promptly follow-up with you asap. Thanks in advance- I’ll be awaiting your next reply!
    • Wumbowarrior
      New member | Level 2

      We have run into this exact same behavior, which was detected with our endpoint software. Is it normal for DropBox to operate in this way? I'm concerned that someone may have maliciously hijacked powershell to dump credentials to a dropbox account.

      • Jane
        Dropbox Staff
        Hey Kombi & Wumbowarrior, thanks for the nudge; I’m afraid I don’t have any news to share, however I’ll do my best to follow-up on your concern. 
         
        • If it’s not too much trouble for you, could you also please send a screenshot of any diagnostic messages you received (including any error messages in case you're getting any)?
        • Could you let me know what's the name of the application that picked the file in question? 
        Any detail you could include on this discussion would be very helpful & thanks in advance for the time you're devoting to work on that with me! 
  • Wumbowarrior
    New member | Level 2

    Just ran into the same problem. Is this some kind of malicious credential dump, or is this normal behavior from DropBox?
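
A triage check for the event discussed in this thread, as an added example that is not Dropbox code or part of any post: it treats an event as the expected DropboxOEM removal only when the command line is exactly the one quoted in the question and the parent process is a Dropbox binary with the signer you trust. The record field names, the parent path, the `Dropbox*.exe` name filter and the signer value are assumptions, and the three events are constructed.

```powershell
# Added example (not Dropbox code). Field names and sample events are constructed.
$ExpectedPackage = 'C27EB4BA.DropboxOEM'   # package name from the command quoted in the thread
# Assumption: replace with the signer subject read from a known-good Dropbox install.
$TrustedSigner   = 'CN=PLACEHOLDER-SIGNER-FROM-KNOWN-GOOD-INSTALL'

# Anchored at both ends so nothing can be appended after Remove-AppxPackage.
$Pattern = '^"?[A-Za-z]:\\WINDOWS\\System32\\WindowsPowerShell\\v1\.0\\powershell(\.exe)?"?\s+' +
           '"Get-AppxPackage\s+' + [regex]::Escape($ExpectedPackage) +
           '\s*\|\s*Remove-AppxPackage"\s*$'

function Test-DropboxOemRemoval {
    param(
        [Parameter(Mandatory)] [string] $CommandLine,
        [Parameter(Mandatory)] [string] $ParentImage,
        [string] $ParentSigner   # signer subject as reported by the endpoint tool
    )
    $reasons = @()
    if ($CommandLine -notmatch $Pattern) {
        $reasons += 'command line is not exactly the DropboxOEM removal'
    }
    # Assumption: Dropbox client binaries are named Dropbox*.exe.
    if ((Split-Path -Leaf $ParentImage) -notlike 'Dropbox*.exe') {
        $reasons += 'parent process is not a Dropbox binary'
    }
    if ($ParentSigner -ne $TrustedSigner) {
        $reasons += 'parent signer does not match the trusted signer'
    }
    [pscustomobject]@{
        Expected    = ($reasons.Count -eq 0)
        Reasons     = $reasons -join '; '
        ParentImage = $ParentImage
    }
}

$ps  = 'C:\WINDOWS\System32\WindowsPowerShell\v1.0\powershell'
$cmd = "$ps `"Get-AppxPackage C27EB4BA.DropboxOEM | Remove-AppxPackage`""
$dbx = 'C:\Program Files (x86)\Dropbox\Client\Dropbox.exe'   # constructed path

$events = @(
    # 1: the command exactly as quoted, from a Dropbox parent with the trusted signer
    @{ CommandLine = $cmd; ParentImage = $dbx; ParentSigner = $TrustedSigner },
    # 2: same start, but an extra statement follows the pipeline
    @{ CommandLine = $cmd.TrimEnd('"') + '; Get-Date"'; ParentImage = $dbx; ParentSigner = $TrustedSigner },
    # 3: correct command line, but an unsigned parent outside the Dropbox install
    @{ CommandLine = $cmd; ParentImage = 'C:\Users\Public\updater.exe'; ParentSigner = '' }
)
foreach ($e in $events) { Test-DropboxOemRemoval @e }
```

Only the first event comes back with `Expected` set to `True`; the other two list the reason they need a closer look.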