I use Kaspersky Internet Security version 19.0.0.1088 (i).

I face another problem with Kaspersky, which may have an impact on Thunderbird as well.

When I open an MS Word (.docx, .doc etc.) document, Kaspersky asks me to allow or not to connect to internet address "autodiscover.XXXXXX.YYY" where "XXXXXX.YYY" is domain I have my e-mail account on.

terrybernstein, You are also getting ahead of yourself, If TB is installed to latest version and reports itself as being updated to latest version (correctly or not) via manually checking the about tab, YET still has the anoying popup, it is not nessesarily the fault of Kaperskis. I have run Kaperskis alongside TB before the popup issue surfaced. The thing we need to find out is HOW TB does it's version checking, and the frequency of doing it before jumping to conclusions. Does it do a callback thats being blocked? Need more insite from those in the know (aka developers) to further trouble shoot this issue.

Owners Gamer said

terrybernstein, You are also getting ahead of yourself, ... Need more insite from those in the know (aka developers) to further trouble shoot this issue.

As an end-user and the originator of this question, I see my responsibility as putting as much "circumstantial" information as possible on the table. To that end, it's worthwhile to try to determine whether Kaspersky is a common element with everyone experiencing these false warnings. So far, I've seen one reply from another user who has the problem but is not using Kaspersky and several replies from people who are using it. If Kaspersky is correlated with the problem, that doesn't necessarily mean TB does or doesn't need fixing. But that correlation, if it is real, might provide helpful information to a developer.

Well put. We are not getting ahead of ourselves. We know two things. 1.) TB pops up this message saying it couldn't update to the latest version (whether that is installed or not). 2.) All the posters either are using Kaspersky or in one case, have been.

We can infer that something is interfering with the version checking and or update modules of TB. We can also consider that Kaspersky, so far, is the common element. We can hypothesise that Kaspersky may be blocking some element of TB's functioning in these TB versions (68.2.n) We can wait to hear from a non-Kaspersky user ( or two) to completely absolve the AV software. We can also ask the TB devs to look for a bug causing this problem - with the possibility that Kaspersky is the common element - unless it is absolved.

This is the support forum. Not the bug tracker. Therefore you will be quite unlikely to see a developer just pop up.

Kaspersky installs an add-on in Firefox, does it similarly infect Thunderbird? I do not know I do not use it.

Bug reports also indicate that it sets an enterprise preference that forces the use of the Windows enctryption certificates folder, instead of the firefox one. Does it also sdo this twith Thunderbird, again no idea.

IT is also clear that the product uses man in the middle hacking and it's own questionable certificates to set up a proxy in the communication process. Does it also do this for Thunderbird, not idea.

Just for your information, update requests are send as normal HTTPS requests to the Thunderbird.net domain. For them to fail it would mean your encrypted communications between Thunderbird and the domain are being intercepted, probably via a proxy. There is however nothing odd about the ports used for the HTTPS request. The process is Thunderbird sends a URL with version os etc and the server responds with an upto date message or a download.

What we are seeing more and more of are third party tools that force updates when none are available. the update from the 60 versions to 68 being an example. For various reasons the new version has been released weeks ago, but updates to existing users are disabled. It is something the release folks can do and it is often done, then when updates are opened up they are generally throttled to say 10% of requests per day being offered the update. It reduces load on the distribution process and limits the damage if some nasty update bug is found. but when other software starts trying to manage that process, unfortunate results can be a consequence.

If Kaspersky is interfering with the updates, I suggest Kaspersky users follow the general recommendation for any AV program: disable email scanning by adding the TB profile folder as an exception or exclusion, and disable scanning of SSL connections:

https://forum.kaspersky.com/index.php?/topic/371162-how-to-disable-ssl-interception/

sfhowes said

If Kaspersky is interfering with the updates, I suggest Kaspersky users follow the general recommendation for any AV program: disable email scanning by adding the TB profile folder as an exception or exclusion, and disable scanning of SSL connections: https://forum.kaspersky.com/index.php?/topic/371162-how-to-disable-ssl-interception/

You CANNOT disable anything until you; 1) Find out how TB does its' updating. 2) Check to see if the updating conflicts with anything in Kaperskis internet Security. Which is the most common Kaperskis utility in use

By disabling Kaperskis, you leave wide open your system to any malicious attack via email AND browsing if you have it set to view any html content in the email body. You need more information before you can decide what you should do. Or you could screw up big time.... I can live with the pop up until I find out more... Yes it is a PITA, but it is a KNOWN pita. The unknown has a habit of comming back and taking a bite outa your butt.....

I'm not saying you should disable all components of Kaspersky or any other AV, just scanning of email folders and SSL connections. The real-time background scanner is still enabled. If this step results in an end to spurious update notifications, then that is useful information. If you prefer to wait and see if a TB developer looks at this issue, you may be waiting a long time.

http://kb.mozillazine.org/Antivirus_software

I'm not sure if it is Kaspersky that is causing this or not as I have been using Kaspersky Internet Security for some time now along side TB and have never has this issue previously.

Owners Gamer said

By disabling Kaperskis, you leave wide open your system to any malicious attack via email AND browsing if you have it set to view any html content in the email body.

For myself, I intend to live with the PITA messages rather than turn off Kaspersky's email scanning. It sounds to me like we users have taken this about as far as we can. We know what we know and it's time for the developers to weigh in. If that is properly done through the bug tracking system, fine. I don't know anything about the process or etiquette of submitting bug report, but I'll give it a go and beg forgiveness if I need to. Thanks for everyone's input!

100 affected users here:

-No Kaspersky or any other AV-software (Defender is disabled) -Windows 10 1607 LTSB and 1809 LTSC -Enterprise Environment -Thunderbird centrally deployed via MSI (64 Bit, Latest 68 release) -Maintenance service not installed (MSI parameter) -No Internet access (Only internal services, no access to thunderbird.net)

All users get the update notification. I assume this is because TB cannot connect to thunderbird.net

I have not found a way to disable all update-checks centrally. What is the preferred method for this now? (Either machine-local config file or registry)

Thanks!

b.reiter said

I have not found a way to disable all update-checks centrally. What is the preferred method for this now? (Either machine-local config file or registry) Thanks!

This is discussed here:

https://support.mozilla.org/en-US/questions/1272172

sfhowes said

This is discussed here: https://support.mozilla.org/en-US/questions/1272172

Works perfectly, thank you!

That is not a fix. That prevents all future updates to Thunderbird. Worse than just removing the anti virus product in my opinion.

For Enterprise environments where users cannot update TB, this is a perfectly valid configuration.

Outside of a managed environment, for users who prefer to install updates themselves, this solution works fine as well.

For Kaspersky to be at fault for this, it would have to block HTTPS connections from TB to thunderbird.net, but allow any SMTP/IMAP/POP3 connections to any other server. I doubt they would configure such a ruleset, but it is possible. Easy way to test this would be an HTML-Mail with an image located on thunderbird.net.

Preventing either AV scanning or TB updates are both far worse than putting up with the annoying messages. However, I've switched from Kaspersky Free to Avast free and so far, no pop up today. Not an option to someone using paid versions. Watch this space.

Dear Matt,

You told "update requests" are https requests (encrypted SSL) but is the help-> about update check before performing the effective update also a https request?

I went to file a Bugzilla report and found that one had already been filed for this issue (on 2019.10.07, I believe). Multiple developers are working on the issue as recently as the last day or two. That bug report cites this community support thread, among others.

In the parallel thread https://support.mozilla.org/en-US/questions/1271866?page=2#answer-1266777

Kaspersky has advised disabling secure scan setting in its programme. And further on from that some sort of tracing. But it's seeming more and more likely that the problem is an interaction with Kaspersky. In the meantime I've replaced Kaspersky (free) with Avast (free), and the problem is not appearing.

terrybernstein said

In the parallel thread https://support.mozilla.org/en-US/questions/1271866?page=2#answer-1266777 Kaspersky has advised disabling secure scan setting in its programme. And further on from that some sort of tracing. But it's seeming more and more likely that the problem is an interaction with Kaspersky. In the meantime I've replaced Kaspersky (free) with Avast (free), and the problem is not appearing.

I've switched back to Windows Defender from Kaspersky and also have not had the pop-up since.