diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/EngineVersionCheck.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/EngineVersionCheck.java
index 27614e2cb..b6aea04ed 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/EngineVersionCheck.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/EngineVersionCheck.java
@@ -99,7 +99,16 @@ public class EngineVersionCheck implements CachedWebDataSource {
     @Override
     public void update() throws UpdateException {
         try {
-            if (Settings.getBoolean(Settings.KEYS.AUTO_UPDATE)) {
+            final boolean autoupdate = Settings.getBoolean(Settings.KEYS.AUTO_UPDATE, true);
+            final boolean enabled = Settings.getBoolean(Settings.KEYS.UPDATE_VERSION_CHECK_ENABLED, true);
+            final String original = Settings.getString(Settings.KEYS.CVE_ORIGINAL_MODIFIED_20_URL);
+            final String current = Settings.getString(Settings.KEYS.CVE_MODIFIED_20_URL);
+            /**
+             * Only update if auto-update is enabled, the engine check is
+             * enabled, and the NVD CVE URLs have not been modified (i.e. the
+             * user has not configured them to point to an internal source).
+             */
+            if (enabled && autoupdate && original != null && original.equals(current)) {
                 openDatabase();
                 LOGGER.debug("Begin Engine Version Check");
                 final DatabaseProperties properties = cveDB.getDatabaseProperties();