One month down in 2025: How are your resolutions coming along? Check out how to get back on track here.
Forum Discussion
harryisthename
2 years agoHelpful | Level 5
File accessed time changed
Sorry if this is a repeat. I went back in and could not find the original using Search. Label is 'Security'
When I do a dir /s /a: /o:d /TA c:\*.* I am observing the file access date and time is all over the place in Dropbox subfolders that I do not access at all - certainly haven't looked at them for years and years. There are no other machines connected to my Dropbox, just one, my machine. Everything had already been "revoked".
That tells me either someone on my machine (virus) is accessing these files or someone at Dropbox is accessing them through the Dropbox service. Perhaps Dropbox does occasional sanity check true file comparisons and in between, it only looks at what Windows tells it changed combined with file size and date last modified on my machine vs. it's servers. If so, I'd like them to state that in documentation as it is disturbing to see the file accessed time changed all over the place and wonder who did this. No one else has physical access to my machine.
Here is an example of a folder I have not looked at for 4 years. I have changed the file names for privacy.
Directory of c:\Users\Admin\Dropbox\Final\2019\OLD
04/29/2022 05:42 PM 81,537 Chec..xlsx
03/20/2023 01:15 AM 555,250 2018 ...
04/11/2023 03:02 PM 3,077 payment1
04/22/2023 06:55 AM 11,933 payment1
05/18/2023 05:02 PM 553,498 YForm
05/21/2023 09:18 AM 74,490 Ledger.xlsx
06/03/2023 04:36 PM 2,979,840 SupportingInfo
06/04/2023 05:48 PM 3,052,094 2018YForm
06/05/2023 02:19 AM 41,695 TurboTaxReceipt86
- Rich
Super User II
harryisthename wrote:
... or someone at Dropbox is accessing them through the Dropbox service
Dropbox doesn't access your files through the normal operation of the service, and they certainly can't access the files on your computer. They may be able to access the files in your account while providing support (i.e. you've submitted a help desk ticket that requires them to access your account, etc.), but they aren't accessing your files otherwise.
- harryisthenameHelpful | Level 5
That's what I would like to think. Unfortunately, I have to do the deep forensics to discover what is doing this. I can monitor access on my end and see if Dropbox is doing it locally. That is, I still believe Dropbox service is doing this because it is very challenging and time consuming to verify the integrity of uploads of changed files. That's because the computer can crash, files can be modified offline (command prompt from a recovery flash drive), there can be an over-reliance on the Volume Shadow Subsystem which can be problematic in a less than healthy computer, hard disk drive issues can occur (soft NTFS and hard disk errors), anti-virus filters screwing up (my Ransomware protection is off), the Dropbox service itself being problematic, etc., etc. Note I have the Free Dropbox. Thus integrity checking is paramount and the grand challenge is to do it without affecting local or Dropbox-server performance. I have seen a few posts circa a few years ago about desiring file integrity checking with no clear answer. Perhaps it finally got implemented.
That is, it is not enough to verify file integrity by looking at which files I have in my 1M files at startup and comparing only the filenames (paths) and file sizes and dates/time modified to what Dropbox has in the cloud or relying entirely on VSS. Even calculating MD5 hashes is time consuming on 1M files. At some point it behooves the Dropbox servers to sample individual files and do a true file compare or at the very least do an MD5 compare. And if my (Free) Dropbox has 1M files, it certainly cannot do a true file compare at Windows Startup - too time consuming. With my Free Dropbox, it might instead do a MD5 hash compare on portions of the 1M files and flag which ones it has done -- it would do more and more over time to spread the load of it's servers (and my local machine) not being overwhelmed doing all 1M files MD5 compares at a time. Such an MD5 compare would open and close the file locally and cause the date accessed to be changed. This might explain what I saw.
Unfortunately, Dropbox does not (as far as I know) disclose under what conditions it will access the file locally -- you believe it **does not** and I respectfully believe it might. It's important for me to know so I can take steps accordingly to monitor rogue file accesses. Unless you are a Dropbox engineer who definitely knows the answer, the answer remains a puzzle. Only someone from Dropbox can authoritatively answer this question, IMHO.
- Sam DBX
Community Manager
Hi all,
Thanks for your input on this. To explain a bit, there are two main components to how the Dropbox desktop application keeps your files in sync:
- During normal operation, it patiently waits for any file activity like a new file added/edited/deleted from your Dropbox folder. When that happens it syncs those changes to your account.
- During startup, the application indexes your Dropbox files to check for changes made locally while the application was off, or remotely from your other devices/accounts you share with.
This is how Dropbox can keep your files in sync, even if your computer isn't online 24/7. So, even if you're not making changes to the files directly - this likely accounts for what you’re seeing as far access times.
From our side, rest assured that your files are safe, and if you're curious about our internal security procedures, we have lots of information in our security whitepaper.
Hope this helps!
About Security and Permissions
Start a discussion in the Dropbox Community forum to get help with your account security and permissions. Find support from Community members.
Need more support
If you need more help you can view your support options (expected response time for an email or ticket is 24 hours), or contact us on X or Facebook.
For more info on available support options for your Dropbox plan, see this article.
If you found the answer to your question in this Community thread, please 'like' the post to say thanks and to let us know it was useful!