Malware: 1Password behaves like a Trojan downloader / dropper

Why does 1Password behave like a Trojan downloader / dropper? Is it really necessary to download files from the Internet without prompting?

Emsisoft Anti-Malware...

11.06.2018 13:45:39
Verhaltensanalyse-Fund: verdächtiges verhalten "TrojanDownloader" von "C:\Users\Uname\AppData\Local\Packages\DC5C6510.1Password_2v019pwa6amcg\LocalCache\Local\1password\app\7\1Password.exe"

11.06.2018 13:45:42
Eine Benachrichtigung "In den folgenden Programmen wurde ein verdächtiges Verhalten erkannt: C:\Users\Uname\AppData\Local\Packages\DC5C6510.1Password_2v019pwa6amcg\LocalCache\Local\1password\app\7\1Password.exe" wurde angezeigt


1Password Version: 7.0.558
Extension Version: 7.1.5.6.5
OS Version: Win 10
Sync Type: 1password.com

Comments

  • MikeT
    edited June 2018

    Hi @Sonic,

    Thanks for writing in.

    Did you originally try our 1Password Alpha at the Windows Store a few years ago?

    1Password do support automatic update by default and it will download the latest version to your temp directory to install it for you when 1Password is locked. However, the directories you're showing is not normal, we run and install from %LOCALAPPDATA%\1Password, not the Local Packages, that's limited to the Microsoft Store apps.

    There was an incident last year where Windows Store glitched and released the desktop app instead of our Store app and a small number of users were getting that desktop app, which had an automatic updater in it.

    My suggestion is to uninstall all copies of 1Password you have via Control Panel and Settings > Apps & Features, reboot, and install from our website: https://1Password.com/downloads

    Your data won't be affected since you're using 1Password.com service, it'll download the data for you in the new app install. Make sure you have your secret key before you reinstall 1Password.

This discussion has been closed.