
Bootloader keeps going corrupt - only on Dell laptops

2018-11-27
  • Jeff Jakubowski

    Jeff Jakubowski - 2018-11-27

    Really no ideas here. Over the last couple of days, people report their bootloader is corrupt. We run the bootloader repair, which is quick and solves the problem, but corruption occurs again.

    This is only on Dell laptops. Desktops, or HP laptops work fine. Nothing on the anti-virus, no commonality with Windows Update or anything else we can find.

    For giggles we've tried a scan with Malwarebytes on at least one PC and found nothing.

     
    • Mounir IDRASSI

      Mounir IDRASSI - 2018-11-27

      It would be interesting to check the content of the EFI system partition
      when the bootloader corruption occurs. This may give a hint of what is
      happening. One should look at the content of the EFI/Boot, EFI/VeraCrypt
      and EFI/Microsoft/Boot folders and specifically check the files
      EFI/Boot/bootx64.efi and EFI/Microsoft/Boot/bootmgfw.efi: VeraCrypt
      replaces these two files with a copy of EFI/VeraCrypt/DcsBoot.efi
      and it looks like something is overwriting these files with the original
      Windows bootloader before the encryption was performed.

      I suspect that on these Dell laptops there is some kind of Dell-specific
      service running in the background which modifies the content of the
      EFI system partition after each boot. It can also be a Dell EFI driver
      that starts at boot and which changes the content of the EFI system
      partition. Maybe there was an update for a Dell software that introduced
      this behavior.

      One way to analyze the situation is to check the content of the EFI
      system partition at different stages: after Windows boots, before
      Windows shutdown and before boot using a Linux Live CD. This way, one
      can find when the corruption occurs and thus determine if it is
      happening because of software running on Windows or because of a Dell
      EFI driver present in the BIOS.
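
The staged check described in the reply above, sketched as an added example that is not part of the original post and is not VeraCrypt code. It assumes the EFI system partition is already mounted at a path you pass in; the script name `esp_snapshot.py`, the stage labels and the status strings are hypothetical.

```python
import hashlib, json, sys
from pathlib import Path

# Folders and files named in the reply, lowercased because FAT is case-insensitive.
FOLDERS = ("efi/boot/", "efi/veracrypt/", "efi/microsoft/boot/")
DCS = "efi/veracrypt/dcsboot.efi"
REPLACED = ("efi/boot/bootx64.efi", "efi/microsoft/boot/bootmgfw.efi")

def snapshot(esp):
    """Return {relative path: SHA-256} for every file in the folders of interest."""
    esp = Path(esp)
    snap = {}
    for f in esp.rglob("*"):
        rel = f.relative_to(esp).as_posix().lower()
        if f.is_file() and rel.startswith(FOLDERS):
            snap[rel] = hashlib.sha256(f.read_bytes()).hexdigest()
    return snap

def loader_status(snap):
    """For each file VeraCrypt replaces, say whether it still equals DcsBoot.efi."""
    dcs = snap.get(DCS)
    status = {}
    for name in REPLACED:
        if name not in snap:
            status[name] = "missing"
        elif dcs is not None and snap[name] == dcs:
            status[name] = "matches-dcsboot"
        else:
            # Also reported when DcsBoot.efi itself is absent from the snapshot.
            status[name] = "differs"
    return status

def diff_snapshots(before, after):
    """Return files added, removed or changed between two stages."""
    return {
        "added": sorted(set(after) - set(before)),
        "removed": sorted(set(before) - set(after)),
        "changed": sorted(k for k in before.keys() & after.keys()
                          if before[k] != after[k]),
    }

if __name__ == "__main__":
    # Usage: esp_snapshot.py <ESP mount point> <stage label> [earlier snapshot .json]
    snap = snapshot(sys.argv[1])
    Path(f"esp-{sys.argv[2]}.json").write_text(json.dumps(snap, indent=2))
    print(json.dumps(loader_status(snap), indent=2))
    if len(sys.argv) > 3:
        earlier = json.loads(Path(sys.argv[3]).read_text())
        print(json.dumps(diff_snapshots(earlier, snap), indent=2))
```

Run it once per stage (after Windows boots, before shutdown, from the Live CD) and pass the previous stage's JSON file as the third argument; the first stage where a replaced loader reports `differs` brackets when the overwrite happens.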

       
