Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
IZoom
Contributor
Jump to solution

Harmony Endpoint <> Mozilla Thunderbird

Hi guys,

 

I have issue - when I install endpoint (recommended / latest) and run Thunderbird on various windows versions, epam_svc.exe uses 25-60% CPU while Thunderbird not responding.

  • defined exclusion to Anti-Malware on access scan for "C:\users\*\AppData\Roaming\Thunderbird\Profiles\" (

    https://wiki.mozilla.org/Thunderbird:Testing:Antivirus_Related_Performance_Issues)

  • The Thunderbird profile is not huge - ~20 GB, 622 files
  • internal log viewer shows nothing (not literally)
  • sysinternals procemon points lot of EPMA_SVC pointing to thunderbird profiles even the exclusion is set
  • windows various versions (from 7 till 10 enterprise latest build, fully patched)
  • cpda.log does not show unusual activity.
  • AntimalwareBlade.log some strange messages: 

    [warni] Unhandled callback event EVENT_MAILBASE [AMEngine::Kav::KavScanner::KavCallbackMethod], nothing else unusual

 

Do you have it working / tested with Thunderbird?

0 Kudos
1 Solution

Accepted Solutions
IZoom
Contributor

This helps: excluded from AntiMalware - on access - scan mail messages. 

We are trying to isolate problem now with removing previous generic exclusions and define new in AntiMalware blade only for thunderbird.exe process.

I'll keep you posted.

View solution in original post

14 Replies
PhoneBoy
Admin
Admin

I would open a TAC case here.

0 Kudos
IZoom
Contributor

Thanks man. I'll keep you posted about solution

0 Kudos
HSPPA
Explorer

Please, take into consideration these additional notes:

  • Thunderbird "Deleted Items" folder is corrupted after the endpoint installation.
  • Thunderbird "Sent Items" folder, is corrupted also.
0 Kudos
IZoom
Contributor

This helps: excluded from AntiMalware - on access - scan mail messages. 

We are trying to isolate problem now with removing previous generic exclusions and define new in AntiMalware blade only for thunderbird.exe process.

I'll keep you posted.

MikeB
Advisor

thank you for sharing this information. It helps a lot

0 Kudos
stl
Explorer

Hi

I have the same problem - how can I exclude "scan mail messages" in cloud-based Harmony Endpoint -> Policy - > Threat Prevention -> Exclusion Center?

There is no "AntiMalware - on access - scan mail messages". I can exclude process (like thunderbird.exe) only.

 

Regards

Chris

0 Kudos
jgarcias
Participant

Hello,

Same problem here.

Did you solved the issue or still using the workaround of disabling scan mail messages?


Thanks

0 Kudos
stl
Explorer

Hi

I'd exluded process "thunderbird.exe" in this setting:

Scan all files upon access .. -> Add Location -> Process Name (full path to thunderbird.exe)

0 Kudos
jgarcias
Participant

Hello,

 

OK, I wouldn't like to exclude the whole process so I think I'm going to open a TAC case to check it...

 

Thanks

0 Kudos
stl
Explorer

Hi

Please let me (and us 😉) know, what they proposed/did.

0 Kudos
IZoom
Contributor

I had opened TAC. Result was in Thread prevention -> Exclussion center -> Exclussion settings - > Process exclussion (on-access only) -> thunderbird.exe

0 Kudos
jgarcias
Participant

So the solution from the TAC was exclude "thunderbird.exe" from being analyzed? It seems a workaround.... 

Did they tell you if in a future release could fix the problem to not exclude it from protections?

0 Kudos
IZoom
Contributor

correct, this was answer from TAC. Yes, they did tell me they don't plan to fix it for the future releases as this is known bug of thunderbird, which is minor email client. Many other vendors fixed it by default exception not visible to admins. 

the security is not broken too much as the mails are scanned on network level and the attachments are scanned on touch. Just the core thunderbird.exe is excluded.

0 Kudos
jgarcias
Participant

OK, thanks for your answer

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events