What are the AV exclusions
We are using CarbonBlack (CB) and it doesn't like 1password.
1password.exe likes to invoke cmd.exe. Threat actors like to invoke cmd.exe.
I have a strong feeling that to make 1password work in a CB environment, 1password.exe, 1password-browsersupport.exe, 1passwordsetup-latest.exe and any other 1password files will need to be granted some exclusions to fully function.
I am just not a big fan of applications that invoke cmd.exe. In CB I can restrict what cmd.exe can run after it is invoked as it relates to 1password, but anytime there is a change to 1password a change to CB will most likely be needed. From what I see right now, systemsettings.exe (Microsoft file) invokes 1password.exe, which invokes cmd.exe to run C:\Users\username\AppData\Local\1Password\app\uninstaller.bat, which is denied.
The hash for uninstaller.bat can be approved, but if any change happens that hash will need to be approved again.
1password, have you done any testing with CB?
1password, have you done any testing with any next-gen behavioral-based endpoint protection?
1password, do you have any recommendations?
Comments
Hello @Navar,
Thanks for your message about using 1Password with CarbonBlack. We test against Windows Defender and recommend excluding the 1Password.exe file, which can be found here - %localappdata%\1Password\App\8. In cases of most security software, if possible, excluding the entire 1Password folder (%localappdata%\1Password) should help.
I hope this information helps, but if you have any other questions, just let us know!