Sophos false alarm for 1Password

I'm looking how to exclude 1Password activity from Sophos scanning. All the old posts I found related to Sophos all lead to error 404.


1Password Version: latest
Extension Version: latest
OS Version: Win 10 1803
Sync Type: Not Provided

Comments

  • badbanana
    badbanana
    Community Member

    adding screenshot of problem.

  • AGAlumB
    AGAlumB
    1Password Alumni

    @badbanana: Indeed, this is a false positive that I believe they're working to address. You can find more details here:

    Sophos home: 'CallerCheck' exploit prevented in 1Password for Windows desktop.

    It sounds like you can set an exception through their web interface to avoid this. Let me know if that helps!

  • badbanana
    badbanana
    Community Member

    wow. i replied yesterday but it is not showing here.
    anyway, if they, Sophos, are still working on it then this is a show stopper for 1Password. i am in this project to introduce password managers in our company and have 'til end of this month to do that.

    fyi, LastPass, Dashlane, KeePass works just fine. i guess i'll have to remove 1Password from my list.

  • Hi @badbanana,

    Another product of Sophos, HitmanPro.Alert, reported the same false positive and they just released an update to remove the false positive on 1Password: https://www.hitmanpro.com/en-us/whatsnewalert.aspx

    Improved Thumbprint technology on the CallerCheck exploit mitigation, which now allows us to whitelist e.g. a CreateProcess from the 1Password just-in-time .NET code running inside a web browser or Outlook as a plug-in

    It's just a matter of time before Sophos update the rest of the apps. We're just not aware of their development schedule.

    Would you also remove Office or Outlook when it got hit with this same false positive? There's not much we can do beside report it to Sophos, they're working on it but there's nothing wrong with what 1Password does here and it is not an exploit.

  • badbanana
    badbanana
    Community Member

    Dear All,

    Thanks for your replies. Someone from your team sent me an email to inform me there is 1PasswordX that would suit my requirements. I found it, installed, and trying it. Thanks to that someone.

    I'm just amazed why 1PasswordX wasn't mentioned to me from the start. Was it the ugly duckling of the family?

  • Greg
    Greg
    1Password Alumni

    Hi @badbanana,

    If you take a look at 1Password X, you will see that it is not ugly. :)

    1Password X is our new extension that works entirely in the browser and does not require a standalone 1Password app installed on your PC. It requires 1Password account and does not support local vaults.

    You posted your question in 1Password 4 for Windows topic and 1Password 4 for Windows supports only local vaults. That is why we did not recommend you 1Password X from the start. Sorry for the confusion.

    If 1Password X works fine for you, that is great. You can find more information about it in this article on our website:

    Get to know 1Password X

    If you have other questions, we are always here for you. Thanks! :+1:

    Cheers,
    Greg

This discussion has been closed.