MD5 checksum for 1Password Windows

thrint

I an charge of a managed installation of about 50 copies of WebRoot through a central console and the instructions for adding an exception to WebRoot do not apply to the managed enterprise version. To make an exception for the few workstations that use 1Password I need the MD5 checksum of the application and any helper application that 1Password uses as it does not accept just the application name and path.

---

1Password Version: 4.6.0.604
Extension Version: Not Provided
OS Version: Windows 7
Sync Type: Dropbox
Referrer: kb:configure-webroot-secureanywhere

AlexHoffmann

Hello @thrint,

Thanks for contacting us.

Unfortunately we don't publish the MD5 checksums of the 1Password exectuables or the installer.
It is something we're planning to implement at some point in the not too distant future.

The only workaround I can give you for the moment is to generate the checksums yourself after you've upgraded the 1Password application using the internal update process.
Doing so will ensure that you and your users are receiving a genuine copy of 1Password since it confirms the vailidity of the SHA-256 certificate before running the installer.

I'm curious, though: In which way does the enterprise version of Webroot interfere with 1Password? We have a good working relationship with Webroot and the only issue we know of that is in the process of being fixed right now, is Webroot preventing the 1Password browser extensions from working correctly unless the 1Password Helper (Agile1pAgent.exe) has been set to 'Protect' in the 'Identity Protection' settings in Webroot.

Cheers!

thrint

I can get the checksums I just need to know what files other than the main executable I need to add. Can you at least provide that? Also if I turn Webroot off on an affected workstation then the problem goes away (the Icon is there in the IE toolbar but it does nothing) and so far just adding the executable does not do the trick.

AlexHoffmann

Hey @thrint,

Sure I can do that.

1Password has three executables, all located in the C:/Program Files (x86)/ folder:

• 1Password.exe — The main 1Password for Windows program. This process starts when you launch the program and stops when you quit 1Password.
• Agile1pAgent.exe — The background helper task that does a few things but primarily facilitates communication between the 1Password browser extensions and the vault.
• Agile1pLogin.exe — The Secure Desktop login process.

Whitelisting these processes is what you want to do.

From what you've described, however, I'm not entirely sure that your problem is actually the firewall but the Identity Protection that I told you about in my previous post. The correct settings that need to be made in Webroot can be found in the knowledge base article 'Configuring Webroot SecureAnywhere'.
I'm not sure, though, if you can set these things globally in the management console.

Cheers!

thrint

Thank you for that it now works. This is the procedure WebRoot gave me for allowing it in IE from the WebRoot console

1. Sign into your Webroot console and click on the "Endpoint Protection" tab.
2. Click "Group Management."
3. Select "All Endpoints".
4. Choose "Agent Commands".
5. Choose "Identity Shield".
6. Choose "Allow application" and enter one of the MD5s.
7. Repeat this process for any additional MD5s.

MikeT

Hi @thrint,

Thanks for sharing that with us, the problem is that each time 1Password is updated, these MD5 checksums will change as well. This may not be sustainable. Whitelisting the specific files should be enough but we'll get in touch with WebRoot to see if there's a better way to automate this.

Thanks again!

/cc @AlexHoffmann

thrint

That is a problem, for the time being not a big one as updates are not offered a lot, and now that I know I can always postpone the update...

MikeT

Right but it can be annoying to manually change the md5 hashes for three files each single time or you could write a script do to this. Hopefully, WebRoot will have a better idea for us.