AVG Detects 1Password Update as Malware

Moving to "vault" uninstalls software (yikes!)
My wife updated her version of 1Password today on Win XP. During the process, AVG (the current free version) detected it as malware. The message reported that a temporary file triggered the issue (sorry, I didn't get the name of it). She took the choice to "Move to Vault" (AVG's quarantine) and when complete, the software was, at least partly uninstalled. It reported deleting several registry keys and the menu item in Start > Programs > 1Password have been removed. The plugin for Firefox is still active, but launching the program indicates the file cannot be found.

What's the best next step?

Thanks --

Tom Harrison

Comments

  • DBrown
    DBrown
    1Password Alumni
    edited February 2011
    Tom, I don't use or know AVG, and we can't help much with another company's software, but it can't be too much of a surprise that moving 1Password into a "quarantine" area would have a negative effect. :(

    Most antivirus tools have some equivalent "stop this bad program from hurting my computer" function, and (to be effective) they have to follow your instructions to neutralize the perceived threat.

    I think a better choice would've been to select whatever AVG calls the "trust this good program; it won't hurt my computer" function, which most antivirus tools also include.

    At this point, I can only suggest you try reinstalling 1Password. I wouldn't bother uninstalling it first. Your 1Password data should be OK.

    You might also want to scan the AVG documentation to see how to "whitelist" a program that it incorrectly perceives as a threat.

    Let us know how it goes.
  • Tom Harrison
    Tom Harrison
    Community Member
    DBrown wrote:

    Tom, I don't use or know AVG, and we can't help much with another company's software, but it can't be too much of a surprise that moving 1Password into a "quarantine" area would have a negative effect. :(

    Most antivirus tools have some equivalent "stop this bad program from hurting my computer" function, and (to be effective) they have to follow your instructions to neutralize the perceived threat.

    I think a better choice would've been to select whatever AVG calls the "trust this good program; it won't hurt my computer" function, which most antivirus tools also include.

    At this point, I can only suggest you try reinstalling 1Password. I wouldn't bother uninstalling it first. Your 1Password data should be OK.

    You might also want to scan the AVG documentation to see how to "whitelist" a program that it incorrectly perceives as a threat.

    Let us know how it goes.


    Thanks -- I'll reinstall.

    But I am a little concerned at the "not my problem" reply (yes, this is a forum, but your badge says you are Staff) -- mostly I just wanted to alert you and others that AVG suddenly started seeing 1Password as a threat, and perhaps Agile who may want to test with AVG and see if they can reproduce the problem. Or perhaps the 1P software was compromised? Given that 1P is the software that has access to all of our most sensitive data, I thought it prudent to report the problem and had hoped that this would warrant getting tested.

    Tom
  • DBrown
    DBrown
    1Password Alumni
    edited February 2011
    Thanks for that follow-up, Tom!

    I am staff, indeed, and I'm really sorry to have given the impression that I was saying it was "not my (or our) problem." :(

    I read your post as "When AVG reported 1Password as a potential threat, we moved it to the 'vault,' and now it doesn't work correctly. What should we do?"

    I just tried to address those issues, without mentioning that antivirus programs often flag harmless software as a potential threat. From their point of view, that's just erring on the side of caution, which seems like a reasonable practice. When they do, though, the typical response is to "whitelist" those programs we know as safe.

    I realize now that I'm so comfortable with the integrity-checking built into our installers that it didn't occur to me that you (quite reasonably, now that you mention it) would be concerned that the installer might've been "fiddled with" in some way. I should've said something about making sure you download 1Password only from our web site, and I'm sorry I overlooked that.

    I hope our participation in the forums and through our e-mail support address (support@agile.ws) shows that we know our customers' problems are our problems, and we want to help. That's why I offered the only suggestion that occurred to me, as I have no knowledge of, or experience with, that particular antivirus program.

    Again, I'm sorry I gave the wrong impression, Tom. I trust you'll let us know if there's any other way we can help.
  • Tom Harrison
    Tom Harrison
    Community Member
    Thanks, I didn't mean to be harsh. I know that Agile not only makes great software and not only has actual support (not to be taken for granted these days) but has great support, as well. I think my tone was probably better directed at others and not you. Your response here was great and I understand now.

    Thanks!

    Tom
  • If you trust your copy of 1Password, I'd suggest you submit it to AVG for analysis. False positives are not uncommon and by allowing them to examine it and test further this can be eliminated. If they come back and say "uhm...it's definately got 'xyz evil thingie'" then let Agile know and they can look into it further...anyhoo, just wanted to suggest that as most virus vendors are keen on learning of false positives...
This discussion has been closed.