Pros & Cons
Pros
- Perfect scores from four independent labs
- HIPS component blocks exploits
- Comprehensive device control
Cons
- Poor score in our malware-blocking test
- Ransomware protection not effective in testing
ESET NOD32 Antivirus Specs
| Behavior-Based Detection | |
| Malicious URL Blocking | |
| On-Access Malware Scan | |
| On-Demand Malware Scan | |
| Phishing Protection | |
Every antivirus app must perform two essential tasks: identifying and removing any malicious software present on your computer, and blocking future malware attacks. Sometimes, though, you get more than just that core protection. ESET NOD32 Antivirus goes beyond the basics with bonus features—some surprisingly powerful—and earned outstanding scores from the labs. That said, it didn't ace all of our hands-on tests, and its bonus features may be too complex for some users. By comparison, Bitdefender Antivirus Plus and Norton AntiVirus Plus both earned perfect (or nearly perfect) scores from two labs and excelled in our own tests, edging out ESET to earn our Editors' Choice award for antivirus.
How Much Does NOD32 Cost?
A NOD32 subscription costs $39.99 per year, and each additional license (up to five) incurs an additional $5 per year. Emsisoft Anti-Malware, Trend Micro Antivirus+ Security, and ZoneAlarm Pro Antivirus + Firewall all come in at or near the $39.99 price for a single license.
Bitdefender and Webroot Essentials start at $49.99 per year for one license, a price that allows you to protect up to three devices with NOD32. And NOD32’s five-license price, $59.99, just gets you a single license for Malwarebytes Premium Security or Norton AntiVirus Plus.
It's not immediately obvious, but your NOD32 subscription offers its own limited cross-platform security. You can use your licenses to activate an installation of ESET Cyber Security for Mac, if you wish.
Getting Started With NOD32
Just about every antivirus program includes the ability to detect and remove potentially unwanted applications (PUAs). These are programs that, while not actively malicious, cause problems that outweigh any virtues they may have. Some default to removing these PUAs, while others leave them alone by default. During installation, NOD32 makes you actively choose whether to detect PUAs or leave them alone. I have enabled PUA detection, and I recommend that you do the same.
In testing, I was surprised to find that NOD32 required a significant application update after installation. Why didn’t the installer I downloaded give me the very latest version? In any case, I let it complete the update.
After installation, NOD32 launches a scan, but I halted this initial scan for testing purposes, saving a full scan for later when I could time it.
Longtime ESET aficionados will notice, perhaps with sadness, that the company’s blue-eyed cyborg mascot retired a few years ago and no longer graces the main window. In the current layout, the bottom half of that window is simply unused space. In the middle, three buttons let you check for updates, launch a scan, or view a security report. A color-coded banner above those buttons reflects security status. Finally, a menu on the left offers seven options: Overview, Computer Scan, Update, Tools, Setup, Help and Support, and ESET Home account. I’ll discuss the ESET Home account below.
Selecting Setup displays options to toggle a handful of computer and internet protection options. All are enabled by default except for Gamer mode and Device Control. You turn on Gamer mode as needed, while Device Control offers security at a level that may be too technical for some users.
Users with a technical bent can click on Advanced Settings. Doing so reveals a dizzying collection of detailed configuration choices. As with Norton, you don't have to go through all those options to find the one you want—you can just start typing in the search box. You’ll rarely need to touch the advanced settings, as the software's default configuration is tuned for optimal security.
Lab Results
Four of the five independent testing labs I follow include NOD32 in their testing, and they all give it perfect scores. The 360 Assessment test developed by London-based MRG-Effitas is especially grueling. ESET passed at Level 1, as did Malwarebytes and Norton. Avast One Basic, Bitdefender, and Microsoft Defender Antivirus came in at Level 2.
At AV-Comparatives, testers don't assign numeric scores. An app that passes a test receives Standard certification, while those that go beyond the minimum passing score can take Advanced or Advanced+ certification. In the three such tests that I follow, NOD32 took three Advanced+ ratings. Avast, AVG AntiVirus Free, and Norton also received Advanced+ in all three tests.
Experts at AV-Test Institute evaluate antivirus programs against three key criteria: Protection, Performance, and Usability. Antivirus tools can earn up to six points in each category for a maximum score of 18. In the latest report from this lab, ESET, along with most of its competitors, earned a perfect 18 points, and the rest reached a still impressive 17.5.
Researchers at SE Labs strive to replicate real-world scenarios for testing. They do this using a capture-and-replay system to expose each tested antivirus to the exact same attack. Antivirus apps can earn certification at five levels: AAA, AA, A, B, or C. In the latest test conducted by this lab, all contenders, including ESET, achieved a perfect AAA certification.
Each lab has its own method for reporting the effectiveness of an antivirus in testing. For an overall view, I’ve devised an algorithm that normalizes all the scores onto a 10-point scale and returns an aggregate lab score from one to 10. With ESET, though, no calculation is needed. Four perfect scores yield an aggregate score of 10 points. The only way to do better would be perfect scores from all five labs, a feat that Norton has accomplished. Also tested by all five labs, Avast and Microsoft scored 9.6 and 9.4, respectively.
Scan Choices
I timed a full scan of my standard clean test system and found that NOD32 finished in 81 minutes. That's significantly faster than the current average of almost two hours. During the initial scan, NOD32 also optimizes for subsequent scanning, marking known good programs that don't require further review. A second scan finished in just 19 minutes.
NOD32 doesn't offer the quick scan option found in many antivirus tools, but it provides several custom scanning options. You can drop suspect files or folders on the scan page for a quick checkup. It offers to scan each removable drive you mount. From the custom scan menu, you can scan memory, boot sectors, or any local or network drive.
The boot sector scan I mentioned also triggers NOD32's UEFI scanner. UEFI—which stands for Unified Extensible Firmware Interface—is what modern computers use instead of the antique BIOS. The UEFI scanner also runs in the background, ensuring no malware has subverted your firmware. I assume it works, but I have no way to trigger its protection for testing purposes. Firmware protection is important. Any malware that weaseled into the firmware would have total control over your computer. One aim of the stringent security requirements for running Windows 11 is to protect the firmware and the entire boot process.
NOD32 can actively scan the WMI database. WMI (Windows Management Instrumentation) is best known to programmers as a source of system information. For example, my boot-time performance test for security suites queries WMI to get the start time of the boot process. The WMI scan looks for references to infected files within the database and for malware embedded as data. Likewise, the Registry scan checks for such references and embedded malware throughout the Registry. As with the UEFI scan, I take these activities on faith, as there’s no easy way to test them.
Malware Protection Scores
I’m always happy to have results reported by independent labs, but not every antivirus makes it into those reports. Even when results are available, I still run hands-on malware protection testing to see the app’s defenses in action.
When I opened the folder containing my current collection of malware samples, NOD32's real-time protection scanned them. However, it only eliminated 30% of them at this point. Granted, not every antivirus checks files on sight, but ESET has the lowest detection rate among those that do. At the other end of the spectrum, UltraAV detected every single sample on sight. McAfee AntiVirus Plus doesn’t check files on sight, but when I downloaded the sample collection from the cloud, it also eliminated 100% of them.
Most antivirus apps that scan files for malware on sight or upon download eliminate all the ransomware samples immediately. About 60% eliminate them all, and another 20% wipe out all but one. NOD32, by contrast, quarantined less than half my ransomware samples on sight. It eliminated all but one of the survivors on launch, but that one ran to completion, unhindered by NOD32. I’ll discuss ransomware in detail below.
Continuing the test, I launched the remaining samples. Clearly, the real-time malware checker applies a tougher standard to programs that are about to launch. It prevented several samples from launching at all. That included all the remaining ransomware samples, some of which it identified by name. It flagged many samples as PUAs, and I chose to delete all of them. In other cases, it caught a malware component during the installation process.
NOD32 detected 87% of the samples in one way or another. However, the fact that it let several samples install executable files brought its overall score down to a poor 8.1 points, the lowest score among apps tested using my current set of samples. Admittedly, that’s better than the dismal 7.2 points it earned when last tested. Note, though, that when my hands-on results don’t align with test scores from the labs, I give the labs more weight.
Challenged with this same sample set, McAfee and UltraAV detected 100% and scored a perfect 10 points. Malwarebytes scored 9.9, while Avast, AVG, Norton, and Webroot all scored 9.7.
It takes me quite a while to collect and analyze a new set of malware samples, so those necessarily stay the same for months. To check an app’s protection against the latest in-the-wild threats, I start with a feed of malware-hosting URLs detected in the last few days by researchers at MRG-Effitas. I launch the URLs one after another and note whether the antivirus prevents access to the URL, eliminates the malware payload, or utterly fails to detect any threat.
While some antivirus tools rely on browser extensions to filter out dangerous websites, NOD32 functions below the browser level. That means it can extend its protection to any internet-capable app. In testing, NOD32 blocked the browser’s access to 42% of the malware-hosting URLs. For most of these, it displayed a red warning page. In a few cases, it displayed a yellow warning of potentially dangerous content—I also counted these results as successful detections. The antivirus eliminated another 55% of the threats before the download could finish.
NOD32’s total score of 97% protection is quite good, and matches the latest scores from G Data Antivirus, McAfee, Total Defense Essential Anti-Virus, and Webroot. Nevertheless, others have performed even better. In their own malicious URL tests, Avira Antivirus Pro, Guardio, and Sophos Home Premium all scored 100%.
Phishing Protection
Writing code to evade antivirus tools and steal people's passwords is a tedious and challenging task. Bamboozling people into just handing over those passwords can be much easier. Phishing websites imitate secure sites, from online banking systems to gaming sites. The netizen who logs in to one of these frauds has just given away access to the real account. It's possible to spot phishing scams if you're alert, but having help from your antivirus means you're protected even when your eyelids are drooping.
To initiate the phishing test, I collect reported fraud from websites that track such information, ensuring that I include some that are new and haven't yet been analyzed and blocklisted. Phishing sites are ephemeral, and the newest ones are typically both the most effective and the hardest to detect. I launch each suspected URL in a browser protected by the antivirus under test, as well as in instances of Chrome, Firefox, and Edge, which are protected only by the browser's built-in phishing detection.
If a URL doesn't load properly in any of the four test systems, I toss it. If it doesn't fit the profile for a phishing site—meaning it's trying to steal login credentials—I toss it. Analyzing those that remain provides me with a clear idea of the app's phishing protection capabilities.
In most cases, NOD32 replaced the offending page with a red-highlighted page warning of a potential phishing attempt. For about one in six detections, the warning instead used a yellow highlight and warned of potentially unwanted content. I counted both as successful detections.
When last tested, NOD32 detected 93% of the verified phishing frauds. This time around, it zoomed to 100%. To be fair, several competing antivirus apps also scored 100%: AVG, Avira, Guardio, McAfee, Surfshark One, and Webroot. The scam-focused Norton Genie also reached 100%.
I tested ESET Cyber Security for Mac with the same set of samples and found that it handled them exactly the same as its Windows counterpart, also reaching 100% detection. The last time I evaluated these apps, the Mac edition scored a dismal 36%, so this is a huge improvement.
ESET Home Online Dashboard
Modern security offerings extend beyond simply protecting a single device. Even the simple antivirus reviewed here can protect multiple Windows or macOS devices. A central hub to manage all your installations is more important than ever. That’s where ESET Home comes into play.
There's an ESET Home account entry in the application’s left-side menu. You can also navigate to home.eset.com from any browser. Once you log in, you can view all your licenses and protected devices. For each license, it shows the total number of devices, the number in use, and the number still available. From this dashboard, you can open a license and add protection to the current device or send an email link to protect another device.
Shifting to the devices view, you can quickly see if your devices have security issues. You can obtain details about any problems, but you must go to the affected computer to address those issues. There’s no remote configuration control, such as Sophos, Webroot, and a few others offer.
This page offers another opportunity to add protection to more devices. One odd limitation is that protected macOS devices still don’t appear in ESET Home.
The online dashboard is also the spot to manage ESET's parental control, password management, and anti-theft components. However, those components aren’t part of this standalone antivirus.
HIPS Blocks Exploits
ESET's security suites add a full-blown firewall and network protection, but even the standalone antivirus offers a Host Intrusion Prevention System (HIPS). To see this component in action, I hit the test system with 30 exploits generated by the CORE Impact penetration tool. The HIPS detected and blocked many of these attempts to exploit security vulnerabilities.
None of the exploits penetrated security since the test system is fully patched. NOD32 detected and blocked 29% of the attacks, identifying most of them using the official exploit number. Scores in this test have been gradually dropping. Currently, G Data, Vipre Antivirus Plus, and Bitdefender top the list, with percentages of 56%, 55%, and 52%, respectively.
Ransomware Protection
NOD32’s real-time antivirus components eliminated all but one of my ransomware samples in testing. The missed one was a whole-disk wiper attack, and it wiped out the test virtual machine. Fortunately, recovery was just a matter of reverting to an earlier snapshot, but in the real world, it wouldn’t be so easy.
The biggest real-world ransomware threat is a zero-day attack, too new for detection by simple antivirus techniques. The HIPS system, mentioned earlier, includes a component called Ransomware Shield, which uses behavior-based detection to defend against such attacks.
I can’t just trigger a zero-day ransomware attack, but I can simulate the situation by disabling the regular real-time antivirus and leaving only the Ransomware Shield to handle ransomware protection. After isolating the test virtual machine from the internet, I proceeded to launch two disk-encrypting ransomware samples and a dozen of the more common file-encrypting ransomware samples.
One sample proceeded to encrypt the whole virtual disk, with not a peep from ESET. As noted, the similar disk wiper sample did its dirty deeds even with every protective layer active.
Of the dozen file-encrypting samples, one did nothing, so naturally it wasn’t detected. ESET completely foiled five based on their behavior. It was a little late catching another three, allowing the ransomware to encrypt more than 1,000 files. To be fair, these were all unimportant files, such as logs and manifests—no important documents were affected.
If you’re keeping score, you know that three more samples haven’t been accounted for. ESET completely missed those three, allowing them to wreak havoc on the test virtual machine’s files and documents.
As with ransomware protection layers in other antivirus utilities, NOD32's anti-ransomware layer isn’t intended as the app's first line of defense or even its second. With all cylinders firing, NOD32 eliminated all but one of the ransomware samples (most competitors eliminate them all). This test suggests that the ransomware detection component may require some improvement.
Comprehensive Device Control
NOD32's Device Control is a feature more suitable for business settings than for consumer use. Out of the box, this feature is disabled. To enable it, you must reboot the system. With Device Control active, you can prevent the use of a wide variety of device types while making exceptions for trusted devices. Among other things, Device Control can prevent anyone from stealing company data by copying it to unauthorized external drives and head off infestation by USB-based malware.
ESET isn't the only security company offering such a feature. Device Protection in Avira allows you to allowlist or blocklist specific devices, and you can password-protect settings so that nobody can modify the lists. However, even when password protection is active, users can allowlist a new, unknown drive. G Data Total Security offers advanced device control, and it can prevent others from adding exceptions. Note, though, that this is G Data’s top-tier mega-suite. ESET puts device control in its basic antivirus. It's an excellent, if technical, bonus feature for an entry-level antivirus.
The Device Control system in NOD32 is the most elaborate I've seen. You can create rules for various types of devices, including card readers, imaging devices, Bluetooth devices, and more traditional external storage devices. Each rule sets an action for a device type, an individual device, or a group of devices. Available actions include blocking device use, opening it in read-only mode, or granting full read/write privileges. You can also configure a rule to warn that policy limits access to the device, and that accessing it despite the warning will be logged.
As with G Data and others, using this system is a game of rules and exceptions. For example, you could start by forcing read-only use of CD/DVD drives so nobody can burn secrets to disk. Additionally, you might create an exception that allows you, but nobody else, to burn disks. Or you could ban removable drives but permit specific authorized ones.
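The rules-and-exceptions scenarios above, modeled as an added example (not ESET's code or configuration format): a small first-match evaluator, plus a check for exceptions that can never fire because a broader rule sits above them. The first-match ordering, the full-access default, and the device type names, user names and serial numbers are assumptions of this example.

```python
from dataclasses import dataclass
from typing import FrozenSet, Optional

# Actions named in the review: block, read-only, read/write, warn (access is logged).
BLOCK, READ_ONLY, READ_WRITE, WARN = "block", "read-only", "read/write", "warn"


@dataclass(frozen=True)
class Device:
    kind: str          # constructed type label, e.g. "usb-storage", "optical"
    serial: str = ""   # constructed identifier for an individual device


@dataclass(frozen=True)
class Rule:
    name: str
    action: str
    kind: str                                 # device type the rule applies to
    serials: Optional[FrozenSet[str]] = None  # None = every device of that type
    users: Optional[FrozenSet[str]] = None    # None = every user account

    def matches(self, device: Device, user: str) -> bool:
        return (self.kind == device.kind
                and (self.serials is None or device.serial in self.serials)
                and (self.users is None or user in self.users))


def decide(rules, device, user, default=READ_WRITE):
    """Return (action, rule name) for the first matching rule.

    Assumption: list order is priority, and with no matching rule the
    device gets full access.
    """
    for rule in rules:
        if rule.matches(device, user):
            return rule.action, rule.name
    return default, "default"


def shadowed(rules):
    """Names of rules that can never fire because an earlier rule covers them."""
    def covers(a, b):
        return (a.kind == b.kind
                and (a.serials is None
                     or (b.serials is not None and b.serials <= a.serials))
                and (a.users is None
                     or (b.users is not None and b.users <= a.users)))
    return [b.name for i, b in enumerate(rules)
            if any(covers(a, b) for a in rules[:i])]


# Constructed policy: exceptions first, broad restrictions after them.
POLICY = [
    Rule("owner-may-burn", READ_WRITE, "optical", users=frozenset({"owner"})),
    Rule("optical-read-only", READ_ONLY, "optical"),
    Rule("authorized-usb", READ_WRITE, "usb-storage",
         serials=frozenset({"SN-TRUSTED-01"})),
    Rule("block-usb", BLOCK, "usb-storage"),
]

# The same rules with the broad ones on top: both exceptions become dead rules.
MISORDERED = [POLICY[3], POLICY[2], POLICY[1], POLICY[0]]

if __name__ == "__main__":
    print(decide(POLICY, Device("usb-storage", "SN-UNKNOWN-99"), "owner"))
    print(shadowed(MISORDERED))
```

Running `shadowed()` over a rule list before deploying it catches the common mistake of placing a blanket block above the exception meant to override it.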
In a highly technical household, you might set different access levels for various user accounts, with full access for yourself but limited access for others. Note, however, that NOD32 relies on the Select Users or Groups dialog to select user accounts, rather than providing a more user-friendly account list.
Yes, even less technical consumers can probably manage to configure NOD32 so the kids can't corrupt the system with infected thumb drives, but it's not easy. Most users should leave this feature turned off.
Security Tools
Device Control isn't the only feature that takes NOD32 beyond simple antivirus. There's a whole page of tools to enhance your security experience. Some are useful to all; others require a technical mindset.
Several tools give you views of what NOD32 has been doing for you. The Security Report displays the number of applications, web pages, and other objects that NOD32 has scanned. You can peruse logs of malware detections, HIPS events, and more.
Bringing up the Running Processes list displays every process running, with more detailed information than you'd get by simply looking at Task Manager. Drawing from ESET's LiveGrid analysis system, it reports the reputation, number of users, and time of discovery for each process. This chart, like the chart of file system activity, may be more useful to a tech support agent examining your system remotely.
Many security suites offer a system cleaner that removes junk files and erases traces of your computer and web browsing history. With NOD32, System Cleaner has a different meaning. Like Webroot's similar feature, it aims to correct and restore system settings that malware may have modified. For example, some ransomware replaces your desktop wallpaper with a ransom note, even before attempting encryption behaviors that might trigger an antivirus reaction.
Everybody should run the SysInspector tool right after installing NOD32. This scanner logs tons of details about your PC’s configuration, including what services are active, the status of critical system files, and the values of essential Registry entries.
Previous versions of SysInspector had an impressive superpower. At any time, you could create a new log and compare it with an earlier log, or with the baseline. The result would be a report detailing the changes between the two, providing information that could be incredibly useful if you’re trying to diagnose a system problem. However, I couldn’t find that feature in the current version, and the official change log reveals that it was removed in a previous version. Too bad!
Even if you always get someone else to help you out of computer jams, you should still run a baseline SysInspector report. Your tech-savvy niece or remote-control tech support agent will find it extremely helpful.








