What are the AV exclusions

Navar
Navar
Community Member
edited March 2023 in Windows

We are using CarbonBlack (CB) and it doesn't like 1password.
1password.exe likes to invoke cmd.exe. Threat actors like to invoke cmd.exe
I have a strong feeling that to make 1password work in a CB environment, 1password.exe, 1password-browsersupport.exe, 1passwordsetup-latest.exe and anyother 1password files will need to be granted some exclusions to fully function.

I am just not a big fan of applications that invoke cmd.exe. In CB I can restrict what cmd.exe can run after invoked as it relates to 1password but anytime there is a change to 1password a change to CB will most likely be needed. From what I see right now systemsettings.exe (microsoft file), invokes 1password.exe, which invokes cmd.exe to run C:\Users\username\AppData\Local\1Password\app\uninstaller.bat which is denied.
The hash for uninstaller.bat can be approved but if any change happens that hash will need top be approved again.

1password have do done any testing with CB?
1password have you done any testing with any next-gen behavioral based endpoint protection?
1password do you have any recommendations?


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Browser:_ Not Provided
Referrer: forum-search:AV exclusoins

Comments

  • Hello @Navar,

    Thanks for your message about using 1Password with CarbonBlack. We test against Windows defender and recommend excluding the 1Password.exe file, which can be found here - %localappdata%\1Password\App\8. In cases of most security software, if possible, excluding the entire 1Password folder (%localappdata%\1Password), should help.

    I hope this information helps, but if you any other questions, just let us know!

This discussion has been closed.