1Password automatic update & AVG conflict, remediation did not work, halp!

Superfandominatrix
Superfandominatrix
Community Member
edited May 2015 in 1Password 4 for Windows

Hi all! After accepting the latest 1Password automatic download, I’ve not be able to launch 1Password due to AVG conflict issues. Here’s the environment information and remediation steps taken so far. What do I need to try next to get this working again? Let me know if you need any more info. Thanks!

Environment
Windows 8.1 Pro
AVG 2013.0.3495
1Password Pro (version unverifiable, but I attempted reinstall with 1Password-4.5.0.572.EXE

Steps Taken

  • Accepted automatic 1Password version update
  • Saw AVG alert on a 1Password temp file, allowed AVG to “Protect Me”
  • 1Password tossed up an error message indicating a need to reinstall with anti-virus off
  • Downloaded above EXE file
  • Turned off WIFI connection
  • Disabled AVG
  • Right clicked 1Password EXE file and Ran as Administrator
  • 1Password momentarily worked
  • Turned on AVG and then WIFI
  • AVG then tossed up further alerts, which I attempted to permit in AVG, with the exception of one message for IS-SUPLQ.EXE that seemed unrelated to 1Password

AVG Error Messages
"General behavioral detection, C:\USERS\AUDREY JULIAN\APPDATA\LOCAL\TEMP\IS-9P0KE.TMP\1PASSWORD-4.5.0.572.TMP";"Secured";"5/16/2015, 11:01:02 AM";"File or Directory";""

"General behavioral detection, C:\USERS\AUDREY JULIAN\APPDATA\LOCAL\TEMP\IS-V398N.TMP\1PASSWORD-4.5.0.572.TMP";"Added to exceptions";"5/18/2015, 9:21:11 PM";"File or Directory";""

"General behavioral detection, C:\USERS\AUDREY JULIAN\APPDATA\LOCAL\TEMP\IS-1OSD2.TMP\1PASSWORD-4.5.0.572.TMP";"Added to exceptions";"5/18/2015, 9:22:14 PM";"File or Directory";""

"General behavioral detection, C:\WINDOWS\IS-SUPLQ.EXE";"Secured";"5/18/2015, 9:35:36 PM";"File or Directory";""

Comments

  • Superfandominatrix
    Superfandominatrix
    Community Member

    Further clarification, AVG is "AVG Internet Security 2013", full version number as described above. Installed components include :-1:

    AVG Accelerator
    AVG Advisor
    AVG Security Toolbar
    Anti-Rookit
    Anti-Spam
    Anti-Spyware
    Anti-virus
    Firewall
    Identity Protection
    Online Shield
    Quick Tune
    Resident Shield
    Surf-Shield

    I'll try this next, https://support.1password.com/configure-avg-surf-shield/, but my version of AVG doesn't match the guide. Will report back with details.

  • Superfandominatrix
    Superfandominatrix
    Community Member

    The AVG Surf Shield manual doesn't appear to address what's going on. The desktop app can't launch, the suggested Surf Shield configuration appears only to address browser extension / helper issues.

    So bottom line, still need help! As you can see from the steps I've already tried, I've reinstalled as administrator with anti-virus turned off, but as soon as I turn anti-virus back on, it broke 1Password.

    Looking at the details from the IS-SUPLQ.exe alert information, there were entries for something called Chilkat Crypt which appears to be encryption software for encrypting and decrypting strings and binary data.

    Does 1Password use Chilkat?

    Halp!

  • Superfandominatrix
    Superfandominatrix
    Community Member

    I tried downgrading 1Password to prior version 1Password-4.3.1.560.EXE that I know worked (I've been using it since release without issue), and again 1Password worked momentarily. I was able to enter my vault password and confirm vault contents. Then again within minutes of this, AVG threw up another Identity Protection warning message this time with a different EXE file. This NEVER happened to me before on prior 1Password versions. I am beginning to think that something with AVG has changed.

    "General behavioral detection, C:\WINDOWS\IS-3RQT0.EXE";"Secured";"5/19/2015, 11:21:45 PM";"File or Directory";""

    Again, in the details for the threat name, I see references to Chilkatcrypt. I'm wondering if AVG has somehow classified this tool as a threat.

    I really wish somebody from Agile would tell me more about this Chilkatcrypt. Is this something that 1Password uses? Is this a valid application resource? Is there something further I can do to help identify what the heck is going with this?

  • AGAlumB
    AGAlumB
    1Password Alumni

    @Superfandominatrix: Thanks for contacting us. I'm sorry for the trouble!

    1Password uses the Chillkat cryptographic libraries, so this is definitely expected. And while AVG has had similar issues with 1Password in the past, I'm sad to hear that we're getting more false positives, as we've been communicating with them to put these issues behind us.

    So long as you're downloading 1Password directly from the AgileBits site, it is genuine. But AVG interfering with the installation and preventing it from running normally is definitely a problem.

    Just to clarify, 1Password does work correctly with AVG disabled, is that correct? If that is the case, making an exception for 1Password in your AVG settings may help.

    When you say AVG 'breaks 1Password', what exactly is happening? What steps are you taking and what is or (is not) happening the way you expect?

    Did you recently update AVG as well? please let me know what you find. I look forward to hearing back from you!

  • svondutch
    svondutch
    1Password Alumni

    ChilkatCrypt - Is this something that 1Password uses?

    Yes.

    Is this a valid application resource?

    Yes.

    Is there something further I can do to help identify what the heck is going with this?

    AVG is detecting a false positive. We will report this problem to them, but other than that I'm afraid there isn't much we can do about this problem. Sorry. /cc @AlexHoffmann

  • Superfandominatrix
    Superfandominatrix
    Community Member
    edited May 2015

    Hi Brenty, Alex,

    Thanks for the response. To address Brent's questions, my tests results are as below. Do you have an AVG configuration guide for Chilkat? Specifically what EXEs are "safe" when trying to configure AVG correctly? Randomly hitting "Make an Exception" without knowing exactly what non-1P EXEs need to be configured is a very risky recommendation. How am I, as a stupid consumer, to know that IS-SUPLQ or IS-3RQT0 is a 1Password resource? I will be writing AVG a nastygram about this. In the battle between 1Password & AVG, 1Password will win every time with me. Who should they be in contact with at 1Password?

    Just to clarify, 1Password does work correctly with AVG disabled, is that correct? -- Please review my test steps in the 1st & 4th posts above. I've tested reinstalls with AVG both enabled and disabled. With AVG enabled, I am able to install 1Password 4.3.1.560, and able to use 1Password for about 1-2 minutes. I proved I could enter my vault password and see expected vault contents. After 1-2 minutes elapsed, AVG throws up an Identity Protection warning for an unknown EXE file. If I install 1Password with AVG disabled, run it, 1Password also works. The problem occurs when AVG is reenabled, it tosses up an Identity Protection warning. If the EXE file was easy to identify (for example 1Password-4.3.1.560.EXE, instead of a random unknown EXE like C:\WINDOWS\IS-3RQT0.EXE), would be a little easier to figure out what to do with anti-virus settings. You can't blame me for not robotically hitting the "make an exception" been when I've been disabling my anti-virus software and the EXE in question is completely unknown to me.

    When you say AVG 'breaks 1Password', what exactly is happening? -- Please refer to 1st and 4th posts. I will also include a screen print of the error message I see saying that I need to reinstall as administrator, a remediation step I already tried that didn't work as outlined in post #1.

    What steps are you taking and what is or (is not) happening the way you expect? -- Please refer to 1st and 4th posts. I expect to able to launch the 1Password desktop app and I can't due to application resources having been flagged as a threat and removed by AVG.

    Did you recently update AVG as well? -- The AVG application has not been changed. But as you know, anti-virus software is silently & constantly updated with new threat definitions.

    making an exception for 1Password in your AVG settings may help. -- For others who may encounter this thread, this advice does not seem appropriate. The AVG guides deal with only browser extension issues, not the desktop application being disabled by the Anti-virus app flagging a system resource as a problem. Is there a specific guide for tweaking AVG to recognize Chilkat as a non-threat application resource?

  • Hi @Superfandominatrix (that's a cool username, BTW).

    You are super thorough, thanks for that!

    I've only recently tested AVG's software for compatibility with 1Password 4.
    I'm still waiting for confirmation by a colleague but right now it looks like AVG's current software doesn't even inhibit the installation of the browser extension.

    We certainly don't have any issues with any of the executables 1Password uses or any of the ones it depends on, like the ChilkatZIP or ChilkatCrypt components.

    I'd like to ask you to install AVG Internet Security 2015 and check if the issues persist.

    If you have any other questions, feel free to ask :)

  • Superfandominatrix
    Superfandominatrix
    Community Member

    I upgraded to AVG Internet Security 2015 (the license key used with the 2013 version was transferable) and 1Password is working again.

    Thanks for helping with this!

  • On behalf of Alex, you're welcome.

    We're glad to hear it is working now.

This discussion has been closed.