F-Secure DeepGuard complains about 1password.sgx.exe [False Positive, fixed]

edited June 2017 in Windows Beta

Hi, whenever I open the 1Password 6 application and go to "Options", F-Secure DeepGuard shows an alert about suspicious behaviour and that it has blocked "1password.sgx.exe". As long as you don't whitelist that program, this message shows every time. Under some circumstance (can't tell exactly when or why), 1Password even crashes (I have allowed the app to send you a report, so you should have that)

May I assume that this is a false-positive?


1Password Version: 6.4.377d
Extension Version: Not Provided
OS Version: Windows 10
Sync Type: 1Password Account
Referrer: forum-search:1password.sgx.exe

Comments

  • @Manaburner yes, this is false positive. 1password.sgx.exe is one of our own, it must be signed just like any other 1Password binary and located in 1Password folder. It's used to communicate between 1Password app and Intel's SGX Crypto Provider, as well as to detect if SGX technology is available (when it's available more UI is added to Options). Thank you for letting us know it makes DeepGuard upset, we will see if we can do something about it.

  • FWIW I still see this behaviour of F-Secure after every 1Password update.

  • MikeTMikeT Agile Samurai

    Team Member

    Hi @Manaburner,

    Thanks for letting us know.

    This will continue to happen until F-Secure whitelist our code signature and ignore any files that are signed by us. We'll get in touch with them again and see if they can do that.

  • MikeTMikeT Agile Samurai

    Team Member
    edited June 2017

    Hi @Manaburner,

    Just an update, they just got back and they’ve fixed the false positive in the next database update. In addition, they’ve added our code signature as well.

  • Hi @MikeT
    that's great news. I will try that when I have the chance

  • MikeTMikeT Agile Samurai

    Team Member

    Thanks, we'd love to know if it is fixed or not.

  • Hi @MikeT
    the problem is gone now. To test this, I removed 1password.sgx.exe from the DeepGuard exclusion list and restarted 1Password. I didn't get any prompt to allow 1password.sgx.exe afterwards. :)

  • MikeTMikeT Agile Samurai

    Team Member

    That's great, thanks for helping us with this.

This discussion has been closed.