McAfee Antivirus Plus (2017)

McAfee AntiVirus

Effective antivirus for a single Windows PC

4.0 Excellent

Bottom Line

McAfee AntiVirus gets near-perfect lab scores and does well in our tests, but it only protects one device.

  • Pros

    • Near-perfect lab test scores
    • Excellent scores in some of our hands-on tests
    • Money-back virus protection pledge
  • Cons

    • Missed two ransomware samples in testing
    • Protects just one PC with no volume discount
    • Many long-standing features are now absent

McAfee AntiVirus Specs

Behavior-Based Detection
Firewall
Malicious URL Blocking
On-Access Malware Scan
On-Demand Malware Scan
Phishing Protection
Website Rating

Do you need antivirus protection for just one PC, or do you have a stable of devices to protect? McAfee AntiVirus specifically handles the former case, with one subscription strictly covering one Windows PC. It's a fine choice for a one-PC situation, with good scores from independent labs and in our own tests. Those who need broader coverage can look to McAfee+, a cross-platform suite with unlimited licenses. Even for just one PC, you should also consider our Editors’ Choice winners, Bitdefender Antivirus Plus and Norton AntiVirus Plus. Both earn top scores in independent lab tests, and both offer a wealth of bonus features, including VPN service.


What Happened to McAfee AntiVirus Plus?

McAfee AntiVirus is a step down from its predecessor, McAfee AntiVirus Plus, which offered antivirus protection for unlimited devices running all popular operating systems. McAfee made it very clear to me that AntiVirus Plus is not at the end of its life. It just isn’t available for a new purchase anymore. The company will continue supporting existing customers “for the time being.”

McAfee strongly encourages new customers to enter at the suite level, choosing either McAfee Total Protection for a fixed number of licenses or the unlimited license subscription to McAfee+. At its higher pricing tiers, McAfee+ also comes with a comprehensive identity theft service.


How Much Does McAfee AntiVirus Cost?

Don’t go looking for this antivirus on McAfee’s website. It’s only sold through third-party partners such as Amazon and Best Buy, where it lists for $49.99 per year. Most antivirus utilities charge less for a one-license yearly subscription. For example, Bitdefender, Emsisoft, ESET NOD32 Antivirus, Trend Micro, Webroot, and ZoneAlarm all go for just under $40.

That’s it for McAfee’s pricing scheme. If you want to protect three computers, you buy three licenses—or you switch to a McAfee suite. This is an uncommon model, though Trend Micro and Webroot work the same way. Most antivirus companies offer volume discounts for three, five, 10, or even more licenses. The average per-device price for a three-license subscription is about $19, less than half the one-device average. At five licenses, the average drops to $14, and at 10 licenses, it’s about $11.

When it was available, McAfee AntiVirus Plus ran users $64.99 per year to protect all the devices in their households. With its departure, the only unlimited license antivirus I cover is Panda Dome Essential, which, while not billed as strictly an antivirus, occupies the antivirus position in Panda’s lineup. Panda charges $119.99 for that unlimited license. Every time you install protection on another device, you lower the per-device price.

Of course, with a free antivirus like AVG AntiVirus Free, you effectively have unlimited licenses. Avast One Basic, a stripped-down version of Avast One Gold, also costs nothing and protects all four popular platforms. These two are our Editors’ Choice winners in the free antivirus realm.


Getting Started With McAfee AntiVirus

To install McAfee, you first go online and activate your license key. If you configure your account for automatic renewal, you get a Virus Protection Pledge from McAfee. That means if any malware gets past the antivirus, McAfee experts promise to remotely remediate the problem, a service that normally costs $89.95. In the unlikely event the experts can't clear out the malware, the company refunds your purchase price. Norton AntiVirus offers a similar promise, as does ZoneAlarm Extreme Security.

With that housekeeping out of the way, it's time to download and install the antivirus. I was pleased to find that the installer did its job quickly and didn't require handholding from me. I did accept its offer to install the essential Web Protection in my default browser. Once installation is complete, the antivirus starts protecting you right away.

McAfee’s main window has had a different appearance in each of my last several reviews. At present, a large panel at the top left offers suggested actions, much like the recommendations from Bitdefender’s AutoPilot system. To the right, a smaller panel reports the on/off status of the antivirus and firewall components, with links to configure these important components. It also reports any issues with overall device status.

The lower part of the window holds four panels described as Shortcuts. From these panels, you can run an antivirus scan, remove temporary files that might allow tracking of your activities, configure Web Protection, and securely delete sensitive files.

You also find a pair of icons down the left side that can expand to a left-rail menu. Clicking Home brings you back to the home screen, and My Protection opens a list of core antivirus tasks, such as launching or scheduling a scan and checking what’s in quarantine. Tracker Remover, Web Protection, and File Shredder appear in this menu as well as in the row of Shortcuts panels.


Practically Perfect Lab Results

I follow four independent antivirus testing labs that regularly publish reports on their findings. Three of the four currently include McAfee when they round up antivirus utilities for testing, which is a good sign. It means that they consider it significant and worthy of their testing efforts. At present, McAfee holds perfect or near-perfect scores from all three labs.

Testing experts at AV-Test Institute rate antiviruses on how well they protect against malware, how light a touch they have on performance, and how little they interfere with usability by wrongly flagging valid programs and websites as malicious. An antivirus can earn six points each for Protection, Performance, and Usability, for a maximum of 18 points. McAfee reached a perfect 18 in the latest report from this lab, as did Avast, AVG, Bitdefender, and all but a handful of others.

Researchers at SE Labs use a capture and replay system to challenge multiple antivirus tools with identical web-based attacks. Each antivirus can earn certification at five levels: AAA, AA, A, B, and C. In the latest round of testing, almost all the tested programs received AAA certification, McAfee among them. Other antiviruses that reached the AAA level in the latest reports include Avast, Microsoft, and Webroot AntiVirus.

AV-Comparatives regularly publishes a variety of tests; we follow three of them. Those apps that pass a test receive Standard certification. Those that achieve exceptional success can earn an Advanced or Advanced+ rating. McAfee missed perfection by a hair, with two Advanced+ certifications and one Advanced. Avast, AVG, Bitdefender, and ESET currently hold Advanced+ in all three.

McAfee’s success in the tough tests put on by MRG-Effitas has been uneven in the past. Where most tests report results across a range, these are effectively pass/fail, and McAfee racked up a few failures in the past. However, this lab didn’t put McAfee to the test in its latest report.

I've devised an algorithm that maps all the lab scores to a 10-point scale and yields an aggregate lab score from 0 to 10. McAfee’s scores from three labs yielded a respectable 9.8 points. ESET and Bitdefender AntiVirus, also tested by three labs, earned 9.9 and 10 points, respectively. Encompassing scores from all four of the labs, Avast’s 9.9-point score is also impressive.


Mixed Scores in Malware Protection Tests

In addition to checking results from independent testing labs, I put every antivirus through my own hands-on malware protection testing. Some programs I test don't show up in reports from any of the labs, making hands-on tests essential. Even for one like McAfee, certified by three labs, this process gives me a chance to experience antivirus protection in action.

In most cases, I start by opening a folder containing a collection of malware samples that I have collected and manually analyzed so I know just what damage they can do. For many real-time antivirus components, the minimal access that occurs when Windows Explorer checks the file's name, size, and so on is enough to trigger an on-access scan.

McAfee scans files upon download and just before they launch, but it doesn’t scan on simple access. To exercise all the app’s detection components, I started by downloading my samples from cloud storage rather than working with existing local copies. McAfee blocked downloading nearly 80% of the files, sending the offending file directly to quarantine.

I continued by launching the files that weren’t blocked at the download phase. McAfee didn’t prevent any of these from launching, but caught around half of them after they began installation.

McAfee completely missed 10% of the samples, for a middling detection score of 90%. It didn’t fully prevent installation of some that were caught on launch, resulting in a final score of 8.5 points out of a maximum of 10. That’s among the lower scores of antivirus tools tested with my current sample set, though it beats Bitdefender’s score. As always, when my results don’t jibe with lab test scores, I give the labs more weight.

Avast and AVG detected 99% of these samples and scored a near-perfect 9.9 points. Norton and Malwarebytes Premium also detected 99%; these two reached 9.8 points.

It takes a long time to collect, curate, and analyze a new set of samples, so I don't change to a new set often. To see how each antivirus handles the very latest in-the-wild malware, I use a feed of the latest discoveries supplied by London-based lab MRG-Effitas. This feed is simply a list of malware-hosting URLs discovered over the last few days. I load the list into a small program that launches each URL and makes it easy to record whether the antivirus blocked access to the URL, eliminated the malware download, or did nothing. I continue launching samples until I have data for 100 verified malware-hosting URLs.

McAfee's WebAdvisor component blocked access to 81% of the malware-hosting URLs, identifying some as Risky and others as merely Suspicious. I can’t imagine a sensible user proceeding to a page their antivirus labeled Suspicious, so I counted both types as successful diversions. The warning page also included tags to further define what WebAdvisor found, tags such as Malicious Sites, Malicious Downloads, Parked Domain, Consumer Protection, and more. And in one case, McAfee slipped in a banner at the top of the page, reporting that it blocked dangerous content while allowing the rest of the page.

The remaining URLs reached the download stage and faced analysis by McAfee’s real-time detection. It sent most of these to quarantine. Overall, McAfee blocked another 13% of the URLs at the download stage, for a total of 94%. That’s a good score, but not quite up to the 99% it reached when I last tested it.

The precise URLs used in this test are different every time, but always the most recent. In their own latest tests, Bitdefender, Guardio, Sophos Home Premium, and Trend Micro all managed a perfect 100% detection rate.


Scans and Scheduling

After installing a new antivirus, you should always run a full scan. The time for that initial scan varies quite a bit, but the current average is just under two hours. McAfee’s current edition defaults to putting all necessary resources into the scan, so it finishes faster. The alternative is to work more slowly in the background, avoiding any interference with your ongoing activities.

When I timed a full scan in a clean virtual machine testbed, it took eight and a half hours to finish, a new record. I hate to imagine how long it would have taken without Fast Scanning enabled. A second scan finished in less than an hour, cutting 90% from the initial time. I suggest just letting that first scan run in the background without worrying about how long it might take. McAfee also offers a quick scan, which it says takes “5 to 10 minutes.” Indeed, it finished in 10 minutes on that same test system.

In theory, you only need that drawn-out full scan once, as real-time antivirus should handle new threats. However, as a second tier of protection, McAfee schedules a bi-weekly full scan. You can switch to scanning every week or once a month, or you can create your own custom schedule.


Excellent Phishing Protection

Devising a Trojan for stealing user account credentials requires a malware coder to invent techniques for slipping past layers of antivirus protection and the operating system’s own security features. That’s no easy task, and it’s just the start. The Trojan still needs code to locate those credentials and phone them home. It’s a lot easier to just hoodwink the user into giving away their credentials. Not only that, phishing is platform-agnostic. Any device that has a browser—whether it's a Chromebook or a smart lawnmower—can be your downfall. Even if you're well-trained in spotting these scams, it just takes one lapse.

Phishing fraudsters create sites that masquerade as sensitive sites and spread links through spam, malicious ads, and the like. Bank sites, online gaming, dating sites—no secure site is immune. If you log in to the fraudulent website, you’ve handed your account over to the fraudsters. Such sites quickly wind up blacklisted, but the perpetrators simply spin up new ones.

Because phishing pages are ephemeral, I always test using the very newest reported phishing sites, scraped from websites that track them. In addition to known and verified frauds, I make sure to include some that have been reported but haven't yet gone through analysis. This puts pressure on the antivirus to heuristically examine web pages and detect frauds without relying on an always-outdated blacklist.

I launch each URL simultaneously in four browsers, starting with one protected by the antivirus in testing. The other three depend on protection built into Chrome, Firefox, and Microsoft Edge. I run through hundreds of reported phishing URLs, discarding any that one or more of the browsers can’t reach and any that aren't verifiable credential-stealing frauds.

McAfee’s WebAdvisor routinely aces this test, scoring at or near 100%. It reached that pinnacle in its last test, and again this time around. Also at the 100% detection level are Guardio, Trend Micro, and the phishing-focused Norton Genie, as well as the antivirus component of VPN-anchored security tools NordVPN Plus and Surfshark One.

McAfee’s macOS edition also scored 100% when tested against the same samples.


Testing Ransomware Protection

McAfee's ransomware protection component doesn't have any independent presence. It's just another layer of real-time protection. According to McAfee, if regular protection doesn't recognize a brand-new ransomware attack, the antivirus watches its behavior. At the first faint sign of an attempt to encrypt files (what McAfee calls "file content transformation"), it makes protected copies of those files and cranks up its vigilance. When it reaches a firm decision that the program is truly ransomware, it quarantines it and restores the files from backup. Trend Micro Antivirus+ Security does something similar.

When possible, I simulate the zero-day possibility by turning off real-time protection, leaving only the ransomware component active. But as with Trend Micro, turning off real-time protection also disables the ransomware component.

Even so, I found a way to test this feature. I keep hand-modified versions of every sample, which I use to check the flexibility of malware recognition. I created a new set of tweaked samples, different from all previous sets and thus never precisely seen before. McAfee eliminated most of these instantly on launch, identifying about half of them specifically as ransomware.

Most isn’t all, however. One modified ransomware sample ran to completion, encrypting over 10,000 files and displaying its ransom note. Good thing I run these tests in an expendable virtual machine! The modified version of a ransomware-adjacent program that modifies executable programs also slipped past McAfee’s protection.

And then there’s the wiper. Wiper malware is similar to whole-disk encrypting ransomware, except that it doesn’t offer any way to recover. Wiper attacks reportedly hit Ukraine just before the start of Russia’s war on Ukraine. And my one wiper sample evaded McAfee’s protection even in its unmodified form.

In this simple test, McAfee demonstrated that it can block most ransomware attacks, even when the sample is hand-modified to evade detection. However, the fact that it missed one disk wiper attack and one tweaked sample, even with all antivirus components active, is worrying.


Minimal Firewall

Most security companies reserve firewall protection for the full-blown security suite, but McAfee puts it right in the standalone antivirus. McAfee’s firewall checks outbound network traffic while leaving the built-in Windows Firewall to handle inbound traffic. That means Windows firewall is in charge of stealthing ports and resisting attacks from the web, tasks it handles well.

Those of us who've been around long enough remember the early personal firewalls, with their maddening, incomprehensible queries. “WhiteHouse.exe wants to connect to URL 192.0.66.168 on port 8080; allow or block? Once or always?” Consumers just aren’t qualified to answer those questions. Some always allow access. Others always choose block…until they break something, at which point they switch to allowing everything. It's not an effective system.

In previous editions, McAfee’s default was Smart Access mode, meaning it made all decisions about allowed network permissions. If you really wanted an old-school experience, you could dig into the settings and switch to Monitored Access, but I always advised against doing so. That’s no longer a worry, as the current firewall uses neither mode. Rather, it leaves this protection to the built-in Windows firewall. What McAfee does is block attempts by your apps to connect with risky sites. I couldn’t manage to see this in action, as such attempts were blocked by McAfee WebAdvisor.

Firewall protection isn't much use if a malware coder can craft an attack that disables it. As part of regular firewall testing, I attempt to disable protection using techniques that a malware coder could implement. It's hard to believe, but you can disable some security programs using a Registry tweak, like changing a value from On to Off or True to False. Looking at McAfee’s presence in the Registry, I found I could delete or modify most of the values, but doing so had no noticeable effect on the app, and rebooting undid many of my changes.

When I checked running processes, I found four belonging to McAfee. The two firewall processes resisted termination. Killing the other two blew away the user interface, but it came back when I clicked its notification area icon, so no worries there.

In a similar fashion, when I stopped the Windows service that powers WebAdvisor it came back on demand. The main McAfee service was hardened against tweaking. I did find I could set WebAdvisor’s startup mode to Disabled. A reboot verified that I killed it, but McAfee popped up, offering to revive it. Overall, McAfee proved resilient, resisting my attempts to disable its protection.


Some Past Features Have Disappeared

If you haven’t looked at McAfee’s antivirus for several years, you’ll find that more has changed than its appearance. For starters, it no longer attempts to find and fix missing security patches; you’ll have to take care of that yourself. The App Boost and Web Boost features, admittedly less important to security, have also departed.

McAfee has long boasted a network feature called My Home Network. In years past, it included the ability to pair McAfee-equipped computers for remote management and to identify devices on the network that lacked McAfee protection. Remote management fell by the wayside more recently, and the current antivirus no longer includes My Home Network.

McAfee’s Protection Center and Protection Score aim to encourage proper security behavior by rewarding users with a higher score, but it’s more directly relevant to McAfee’s security suite line. In the current standalone antivirus, there’s no connection to the Protection Center.

It's understandable that McAfee would choose to remove features that don't get a lot of use or that are difficult to maintain. However, if you were one of those who did make use of the now-vanished features, their disappearance is sure to disappoint.


Some Vanished Features Have Returned

McAfee’s designers are clearly fine-tuning just which features are most wanted. A couple that had vanished when I last reviewed this antivirus have returned.

You might think the Tracker Remover feature would aim to keep web ads and trackers from profiling you, but what it really does is clean up traces of your computer and browsing activity. The secure deletion File Shredder allows you to delete sensitive files beyond the possibility of forensic recovery. As noted, these two were absent when I last reviewed this antivirus—they’re back!

Anyone who gains access to your computer can cause all kinds of problems. Even with no malice intended, they still might snoop around and learn just what you’ve been doing. Tracker Remover wipes out temporary files and empties the Recycle Bin for starters. It also clears cookies and history from Chrome, Edge, Firefox, and Internet Explorer. Similar features in other security apps go farther, wiping out things like lists of recently used documents and browser cache files, but McAfee’s scan is quick and simple.

When you delete a file in Windows, it goes to the Recycle Bin. If you find you made a mistake, you can rescue it from the bin. Even after you delete an incriminating file, the feds can impound your computer and recover that file in the same way. Secure deletion, often called file shredding, ensures that what you delete stays deleted, even against forensic file recovery.

You can right-click any file or folder and choose Shred from the menu that pops up or open the File Shredder within the main app to shred the contents of the Recycle Bin, the temp folder, or any arbitrary folder. Take care; shredded files are really, truly gone. By default, McAfee runs two shredding passes, which is enough to defeat file recovery software. If you suspect the authorities may put your computer through hardware-based forensic recovery, you can choose three or five passes.


There’s More to WebAdvisor

You’ve seen that WebAdvisor can steer the browser away from both malware-hosting websites and phishing frauds. The browser extension can also color-code results in popular search engines, letting you see before even clicking whether a site is safe, dangerous, or untested.

By default, McAfee only marks up results obtained using its own Secure Search engine, which it actively advises you to install. If you’d rather keep using Google, DuckDuckGo, or some other popular engine, you need to make a small settings tweak. Click the toolbar icon for the WebAdvisor extension, click the gear icon at the top, select the Preferences tab, and scroll down to choose “Tell me if a search result is safe in any search engine.”

You don't have to make any changes to get notifications of dangerous links on your social media pages. By default, WebAdvisor marks up Facebook, Instagram, LinkedIn, Reddit, Twitter, and YouTube. You can turn this feature on or off from the same WebAdvisor settings page, but I’d suggest you leave it on.

Ransomware attacks can be shocking, even frightening. Cryptojacking is much more subtle. You visit a website, and it co-opts your system resources as part of a distributed system that mines for Bitcoin or some other cryptocurrency. Bear in mind that there's nothing illegal about mining for Bitcoin. Mining is where Bitcoin and other cryptocurrencies come from. The problem comes when a website or program covertly hijacks your computer's resources to mine currency for someone else. While WebAdvisor used to let you fine-tune its cryptojacking detection, it now simply rolls that protection in with defense against other types of risky sites.

Bitdefender recently added protection against unwanted crypto mining, but only in its security suites, not in the basic antivirus.


Verdict: Reliable Protection for One PC

McAfee AntiVirus earns very high marks from the independent testing labs and scores high in some of our own hands-on tests. Where its predecessor, McAfee AntiVirus Plus, protected all your devices on all platforms, the current antivirus is strictly Windows, with no volume discount for multiple PCs. If you truly need no more than protection for one Windows PC, it's a worthwhile choice. Otherwise, look to our Editors' Choice winners, Bitdefender Antivirus Plus and Norton AntiVirus Plus. Both earn excellent scores from testing labs around the world and pack in enough features to outdo many security suites.

About Neil J. Rubenking