Symantec Endpoint Protection and 1Password 4

Hello!

I use 1Password on multiple computers (windows pc, macbook and windows work laptop). Since upgrading to 1Password 4 for Windows i have severe issues with the browser-extensions (Firefox, chrome) on my work laptop. For instance, it wouldn't ever automatically log me in after using the keyboard-shortcut, but it would allow me to search and copy my password. Today I figured it is probably because the extension is unable to connect to the 1Password Agent, because after installing the extension in a clean Firefox profile, it would hang on the 'welcome page' on trying to find the helper. I think it is probably the Symantec Endpoint Protection my company is running.

Since the troubles started when i upgraded to 1Password 4, I tried reverting back to 1Password 3 today. And voila, it worked perfectly again!

So now my question is: What has changed to the way the Helper and the extensions communicate with each other? And, maybe, is there a workaround for me to keep working in 1Password 4?

I don't know the rules that Symantec Endpoint Protection is using on my PC. I cannot access it and i cannot change them either. I could try to ask my IT department to white-list some protocol or ports if I know what to ask for, but since this is a global organization I think my changes are very slim.

Comments

  • RichardPayne
    RichardPayne
    Community Member

    As I understand it, the v1 extensions were completely self contained. They didn't need to talk to another process to access your vault. The workaround is to add an exception to the Symantec End Point system for the Agile1PAgent.exe.

    It is definitely not something endemic to the Symantec system as I'm running it at work and I have no issues with 1Password v4.

  • DBrown
    DBrown
    1Password Alumni
    edited August 2014

    Thanks, @RichardPayne!

    @PepijnV‌, the 3.x extensions compatible with 1Password 1 for Windows did communicate with other processes, but the version 4 extensions are definitely different.

    Here's the "official" source of information about the helper and troubleshooting any problems with the extensions:

    Troubleshooting browser extensions

    Please let us know if @RichardPayne's excellent suggestion doesn't solve the problem.

  • PepijnV
    PepijnV
    Community Member

    Thanks @RichardPayne‌ and @DBrown‌ for the suggestions. Off course i know it will be possible to configure SEP to allow the communication with the helper. However, I will have ask my IT-team to add the exception, i can't do that by my self. That means they probably have to alter their global policy, which is not very likely to happen :(. If there is any other way to make 1Password circumvent the restrictions, please let me know.

  • RichardPayne
    RichardPayne
    Community Member

    Short of just disabling it (assuming you have that option), I'd hope not. That would sort of defeat the point. Not that I'd recommend doing that anyway.
    I'm

  • PepijnV
    PepijnV
    Community Member

    @RichardPayne‌ You are right. Thanks!

  • DBrown
    DBrown
    1Password Alumni

    @PepijnV‌, we're in constant communication with the vendors of many popular security solutions, in the effort to get 1Password "whitelisted" in their software. I'd ask that you contact them, too, since they might be swayed by their customers' opinion.

  • svondutch
    svondutch
    1Password Alumni
    edited August 2014

    The version 4 extension verifies the web browser code signature. The version 3 extension did not such thing.

    @PepijnV please follow these steps.

  • DBrown
    DBrown
    1Password Alumni

    Thanks, @svondutch. It hadn't occurred to me that the browser code verification added in the 4.x extensions would affect communication between the extension and the helper!

  • svondutch
    svondutch
    1Password Alumni

    It hadn't occurred to me that the browser code verification added in the 4.x extensions would affect communication between the extension and the helper

    Some anti-virus solutions are blocking the WebSocket connection. Others (such as Kaspersky) are blocking the code signature verification we're doing.

  • DBrown
    DBrown
    1Password Alumni

    Got it!

    That's why disabling the new Help > Advanced > Verify web browser code signature toggle (in the latest beta build) might help Kaspersky users.

This discussion has been closed.