Hello,
Our endpoint software picked up Dropbox running this command - C:\WINDOWS\System32\WindowsPowerShell\v1.0\powershell "Get-AppxPackage C27EB4BA.DropboxOEM | Remove-AppxPackage"
I saw the exact command in another forum and the user said that Dropbox uses it for updates. Can anyone confirm this? Is there somewhere online with more information on the PowerShell commands that Dropbox uses?
Hi there,
Yes, this looks expected, we call that when we uninstall the DropboxOEM. You'll only see this on Windows 10 as it relates to the UWP version of our app.
Via PowerShell we're uninstalling the DropboxOEM from system level so that it does not get installed again. This effectively cancels scheduled installation of DropboxOEM.
There shouldn't be anything to be worried about here, this is acting as designed.
Hope this helps!
Jane
Community Moderator @ Dropbox
dropbox.com/support
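For teams that decide to allowlist this activity in their endpoint product, the following added example (not part of the thread and not Dropbox's code) matches the command quoted in the question exactly rather than by substring, so a command line that merely contains it still gets reviewed. The System32 path pattern, the verdict names and the sample command lines are assumptions constructed for illustration.

```python
import re

# The only value taken from the thread is the script text below. The interpreter
# path pattern mirrors the path quoted in the question; verdict names are made up.
EXPECTED_SCRIPT = "Get-AppxPackage C27EB4BA.DropboxOEM | Remove-AppxPackage"
PS_PATH = re.compile(
    r'^"?c:\\windows\\system32\\windowspowershell\\v1\.0\\powershell(?:\.exe)?"?\s+(.*)$',
    re.IGNORECASE | re.DOTALL,
)

def _norm(text):
    """Collapse whitespace runs and lower-case (cmdlet names are case-insensitive)."""
    return re.sub(r"\s+", " ", text).strip().lower()

def classify(command_line):
    """Return (verdict, reason) for one process-creation command line."""
    match = PS_PATH.match(command_line.strip())
    if match is None:
        return ("review", "interpreter is not the System32 PowerShell path")
    script = match.group(1).strip()
    if len(script) >= 2 and script[0] == script[-1] == '"':
        script = script[1:-1]  # drop the one pair of quotes around the script
    if _norm(script) == _norm(EXPECTED_SCRIPT):
        return ("expected", "exact DropboxOEM removal command")
    if _norm(EXPECTED_SCRIPT) in _norm(script):
        return ("review", "expected command present but with extra content")
    return ("review", "different PowerShell command")

# Constructed sample command lines, not captured telemetry.
PS = r"C:\WINDOWS\System32\WindowsPowerShell\v1.0\powershell"
SAMPLES = [
    PS + ' "Get-AppxPackage C27EB4BA.DropboxOEM | Remove-AppxPackage"',
    PS + '.exe "get-appxpackage  C27EB4BA.DropboxOEM |  remove-appxpackage"',
    PS + ' "Get-AppxPackage C27EB4BA.DropboxOEM | Remove-AppxPackage; Get-Process"',
    PS + ' "Get-Process"',
    r'C:\Users\Public\powershell.exe "Get-AppxPackage C27EB4BA.DropboxOEM | Remove-AppxPackage"',
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(classify(line), "<-", line)
```

Only the first two samples come back as expected; the other three stay in the review queue with a reason an analyst can act on.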
Any update?
Just ran into the same problem. Is this some kind of malicious credential dump, or is this normal behavior from Dropbox?
We have run into this exact same behavior, which was detected with our endpoint software. Is it normal for Dropbox to operate in this way? I'm concerned that someone may have maliciously hijacked PowerShell to dump credentials to a Dropbox account.
It is not an error - our endpoint security picked up Dropbox running this command - C:\WINDOWS\System32\WindowsPowerShell\v1.0\powershell "Get-AppxPackage C27EB4BA.DropboxOEM | Remove-AppxPackage"
Is it normal for Dropbox to operate in this way?
Thanks for looping back to me here @Kombi, I’ve submitted your inquiry for review internally & I’ll circle back to you once I have a bit more info to share!
Jane
Community Moderator @ Dropbox
dropbox.com/support
This is so bad in the day and age in which companies are using products like Cylance to block scripts, specifically PowerShell from C:\WINDOWS\System32\WindowsPowerShell\v1.0\powershell