I'm a security analyst trying to understand why dropboxupdatehelper.msi mounts the EFI System Partition. I'm assuming that it does this by design - but I don't understand why. The alternative is that I've got something pretending to be dropbox manipulating the EFI System Partition in my environment.
Does anyone know why/if this might be done by the dropbox app on a Windows system?
Thank you for your reply. I expect this will be an easy question for one of your software engineers to answer. To be clear, I'm just trying to understand what your software is doing here so I can sleep better at night knowing that this isn't a rogue process. The end user is running the desktop client on a windows 10 device. I expect that they are running the latest version - though that shouldn't matter for this question.
I'm attaching two images. One shows that this file has been digitally signed by Dropbox - assuming the cert is authentic. The other shows that mountvol is ultimately called to mount the EFI System Partition on the D drive.
Thank you again, I look forward to learning more about this.