I got AVG reporting 1P as a threat, named IDP.ALEXA.51, should I be worried? [No, false positive]

GiedriusGiedrius
edited February 2016 in 1Password 4 for Windows

An additional rhetorical question, why on Earth do I have to go through all the trouble of registering to ask an important question?


1Password Version: Latest
Extension Version: Not Provided
OS Version: Win7 64
Sync Type: DB
Referrer: forum-search:idp.alexa.51

Comments

  • MikeTMikeT Agile Samurai

    Team Member
    edited February 2016

    Hi @Giedrius,

    No, you should not be worried, this is a known false positive and we've working with them to resolve this. For now, please restore the files from the Virus Vault in AVG with this guide: https://support.avg.com/SupportArticleView?l=en_US&urlname=How-to-restore-or-remove-file-from-the-Virus-Vault

    Please do try reporting it as a false positive from Virus Vault by submitting it for analysis.

    why on Earth do I have to go through all the trouble of registering to ask an important question?

    It's mostly for fighting spam as this is a public support forum where both our team and the community help out. If we let anyone post without registering, we'd quickly get overwhelmed with spam. We had these issues in the past and it would destroy the community because no one wants to go through spam.

    In addition, the registration would let you get email notification when someone has responded to you.

    You can also email us at [email protected] or tweet to our 1Password account if you'd like to avoid the forum and ask quick questions.

  • Thanks for quick response.
    Fair enough.
    The tool is still great ;) Have a nice day.

  • MikeTMikeT Agile Samurai

    Team Member

    You're welcome and you have a great day as well.

  • I too have the same problem - AVG deleted and blocked several files in the latest updated. I tried to report it as a false positive using your link but they won't accept the form without a file for inspection. The Identity Protection Results names the file as Unknown, C:\Users*****\AppData\Local\Temp\is-EAJNN.tmp\1Password-4.6.0.604.tmp;"Secured";"25/02/2016, 08:14:34";"File or Directory";"", but as this has been deleted I can't send it to them.
    I did manage to report this by clicking AVG Zen > Protection > Options > Virus Vault, then clicking the file and selecting Submit for Analysis. I hope this helps.

  • MikeTMikeT Agile Samurai

    Team Member
    edited February 2016

    Hi @TykeArt,

    You should be able to restore the files from AVG's Virus Vault based on this support article from them: https://support.avg.com/SupportArticleView?l=en_US&urlname=How-to-restore-or-remove-file-from-the-Virus-Vault

    I can't find the support article on their site for Submit for Analysis, can you tell me if that guide is accurate for now?

  • Thanks for your response Mike T

    The support article you mention is accurate however if the aim is to submit the file for analysis the button is the next one along from Restore and Restore As. Altogether 26 Objects were blocked, deleted and moved to the Virus Vault. I can send you full details if you let me have an email address. For the time being I have managed to roll back to 1Password Version 4.6.0.598.

    Are other virus checkers identifying the new release as a false positive?

  • MikeTMikeT Agile Samurai

    Team Member
    edited February 2016

    Hi @TykeArt,

    You can email us anytime at [email protected].

    Are other virus checkers identifying the new release as a false positive?

    Just one out of 56 as you can see it here at Virustotal.com. It is strange that AVG on that site is not reporting it as infected.

  • I emailed you with full details of items affected. I restored all objects from the virus vault after ending the relevant process in task manager. 1Password Version 4.6.0.604 now seems to be up and running.

  • brentybrenty

    Team Member
    edited February 2016

    Thank you! We've been in contact with different vendors to get this cleared up. I'm glad to hear it's working for you at least.

  • I got the Same message from AVG. incredimail was involved. Have you made any progress since February? Should I ignore the warning and continue to use incredimail, Albeit uncomfortably?

  • MikeTMikeT Agile Samurai

    Team Member

    Hi @HeatherM,

    We cannot speak for Incredimail, what we can say for certainly is that 1Password isn't infected from our site and it was a false positive.

    For Incredimail, you'd be better off contacting them about it or delete your downloaded copy and get the latest file from their site that's behind a secure https:// if possible. I checked their download file on Virustotal.com, and they were flagged by 3 out of 54 AVs.

    In addition, other Incredimail users reported the same AVG issue at their support forum here: http://forums.incredimail.com/viewtopic.php?f=12&t=127056

This discussion has been closed.