Pros & Cons
-
- Perfect scores in independent lab tests
- Excellent scores in hands-on tests
- Ransomware Protection foils ransomware attacks
- New protection for AI agents
- Intelligent firewall
- Includes vulnerability scan and other suite-level features
-
- Relatively expensive
- Poor score in one hands-on test
Norton AntiVirus Plus Specs
| Behavior-Based Detection | |
| Firewall | |
| Malicious URL Blocking | |
| On-Access Malware Scan | |
| On-Demand Malware Scan | |
| Phishing Protection | |
| Vulnerability Scan | |
| Website Rating |
You can get an antivirus app that just covers the basics—cleaning up malware infestations and foiling any new attacks. Or you can get an antivirus that does a lot more, like Norton AntiVirus Plus. With Norton, you get a powerful firewall, a cloud-based backup system, ransomware deterrence, protection for your AI agents, and more. It gets top marks in independent lab tests and in most of our own tests. Yes, it costs more than some competitors, but you get the Norton name and decades of malware-fighting experience, combined with more features than many security suites. It easily earns our Editors’ Choice award for antivirus software alongside the equally excellent Bitdefender AntiVirus Plus. You can read a direct comparison of the two here.
Pricing: Premium Cost, Premium Protection
At $59.99 per year for a single license, Norton is more costly than many antivirus tools. The most common price for a single, standalone antivirus license is just under $40, about $20 lower than the average. That’s the price for antivirus apps from Emsisoft, Trend Micro Antivirus+ Security, and ZoneAlarm Pro Antivirus, among others. For many of those, you get three licenses for $59.99 or even less. ESET NOD32 Antivirus, Total Defense Essential Anti-Virus, and ZoneAlarm cost about $49.99 for three licenses.
For years, Norton didn’t offer multi-license pricing for this antivirus. If you wanted to protect two PCs, you’d buy two licenses, which would cost almost $120. For that same price, you could upgrade to Norton 360 Deluxe. That upgrade would get you five full suite licenses, five licenses for Norton Secure VPN, 50GB of hosted online backup, and more.
Norton has now rectified that pricing oddity. If you need antivirus protection for multiple devices, you can pay $84.99 per year for five licenses. That’s still on the high side, given that the median price for a five-license antivirus subscription is the $69.99 per year that you pay for Panda Dome Essential. But on a per-device basis, it’s a big improvement. Note, too, that Norton gives you way more than basic antivirus protection.
Virus Protection Promise: Malware Removal Guaranteed
In addition to the expected Norton Antivirus Plus full-on tech support, Norton offers a Virus Protection Promise. If the antivirus can't remove a malware infestation even after you follow all the recommended steps, experts will log into your computer remotely and fix the problem. In the unlikely event they can't resolve the issue, you can apply for a refund. This promise does require a commitment on your part. It only applies if you've signed up for automatic renewal. McAfee AntiVirus and ZoneAlarm offer similar guarantees. You can read a full comparison between McAfee Antivirus and Norton AntiVirus Plus here.
Inside the Gen Stack: Shared Tech Across Top Security Brands
Gen Digital is the company that owns Norton and a raft of other security brands, including Avast, AVG, and Avira. Avast and AVG merged back in 2016, and they’ve both used the same antivirus engine for years. More recently, Norton joined the club, also using the same engine.
The developers have merged the best of these technologies into a single antivirus engine that they call the Gen stack. Avira will follow before long. I can’t guarantee the three implement their antivirus protection exactly the same, but in several tests, AVG, Avast, and Norton have earned precisely the same scores
Setup and Interface: Feature-Packed But Easy to Navigate
During installation, you activate cloud storage for your backups. That’s a nice touch, as it lets Norton start backing up your most essential files with no further effort on your part. You also get the opportunity to install not one but four Norton browser extensions in your default browser (Safe Search, Safe Web, Home Page, and Coupons). That sounds like a slog, but over the years Norton has streamlined and automated this process to an amazing degree.
(Credit: Norton/PCMag)Other early events include installing Norton’s secure browser and password manager. After a welcome and an optional tour of features, you’re ready to roll.
Norton’s antivirus and security apps maintained roughly the same layout for almost 10 years. The more recent version is completely different, reflecting the switch to the Gen stack.
(Credit: Norton/PCMag)The main window layout features a panel that displays security status in the middle of the home screen, with a rotating ad space below it, touting products like Norton Utilities Ultimate. A menu down the left side lets you choose Home, Security, Performance, Store, Search, Settings, and Account. Most of these are self-explanatory. The Store page promotes additional Norton products and services, while the Seach page helps you navigate this feature-packed antivirus.
Down the right-hand side, you find a collection of options, many of which used to reside in the separate My Norton app: Scans, Cloud Backup, Software Updater, Browser Extensions, Password Manager, and Private Browser. I’m pleased to see all the features back in one place.
When you install Norton AntiVirus, you also get Norton Password Manager. This isn't precisely a bonus since you can get Norton Password Manager for free, but it's nice to have it integrated into My Norton. Read our review of the standalone app for full details.
(Credit: Norton/PCMag)Norton Password Manager handles basic password management tasks such as password capture, password replay, and filling web forms. It can sync across all your Windows, Android, and iOS devices. It includes an actionable password-strength report and automatic password updates for popular sites. However, it lacks advanced features, such as secure password sharing, digital inheritance, and multi-factor authentication.
Scanning Options: Deep Protection With Flexible Scan Modes
When you click Security in the menu and then click Scans, Norton offers Quick, Full, and Targeted scans—and a lot more. As expected, a Full scan covers the whole computer, a Quick scan focuses on likely areas for malware, and a Targeted scan examines the drives or folders you select. Smart Scan, like the very similar feature in Avira Free Security and Avast One Essential, combines a quick scan with other scan types.
(Credit: Norton/PCMag)If you think you may have malware even after a scan, try the Startup Scan. This aggressive scan runs before Windows has fully loaded, so it gets ahead of persistent and pernicious malware. The app states, “This is the most thorough scan, so it can take a while.”
On my standard clean test system, a full scan took just under two hours, very close to the current average. Norton clearly performed some optimization tasks during that first scan. A repeat scan took just 80 minutes, cutting the time by roughly a third.
There’s also an option to create a rescue disk on a CD/DVD or a bootable USB drive. If malware prevents you from booting into Windows or keeps the antivirus from working, the rescue disk can be a lifesaver. Of course, the time to create it is right now, when you’re not having such problems.
(Credit: Norton/PCMag)Somewhat redundantly, you can get quick access to most of these scan choices by clicking the Scans panel on the right side of the screen. This lets you launch a Smart, Quick, Full, Targeted, or Startup scan. Clicking the Open Scans button takes you to the same full-page scans described above.
Lab Results: Perfect Scores Across the Board
Every antivirus claims it will protect you, but how do you know it works? One way to verify that claim is by checking results from independent labs around the world, labs whose research experts do nothing but test and evaluate security programs. The labs choose the programs they consider significant, and the security companies decide whether paying the testing fee is worthwhile for them. When an antivirus appears in reported results, you know it's worth a look. All five of the labs I follow report on Norton, a clear indicator of its relevance.
Testing experts at SE Labs capture real-world malicious websites and use a replay technique to run each selected antivirus through the same attack. The lab offers certification at five levels: AAA, AA, A, B, and C. Norton received AAA certification, along with McAfee, Panda, and Microsoft Defender Antivirus in the latest round of testing.
Where most labs report rating levels or numeric scores, London-based MRG-Effitas uses a system closer to pass/fail. Unless an antivirus exhibits near-perfect protection, it simply fails. In the all-types malware defense test, an antivirus that immediately defeats every attacker receives level 1 certification, while those that remediate all malware activity within 24 hours receive level 2 certification. Norton passed at Level 1, as did ESET and Malwarebytes. Avast, Microsoft, and Bitdefender attained Level 2.
Researchers at AV-Test Institute evaluate antivirus tools from three angles. Naturally, they rate the app’s essential ability to protect against malware attacks. But they also rate each app’s impact on system performance and examine how effectively it avoids labeling valid programs or websites as malicious (false positives). Antivirus utilities can earn 6 points for each of these criteria, for a maximum of 18 possible points. Well over half the antiviruses in the latest test scored a perfect 18 points, including Norton. Several others achieved 17.5 points, which is still sufficient to earn the title Top Product.
An antivirus that passes one of the many tests performed by the AV-Comparatives team receives Standard certification. The ones that do better than the basics, or much better, can receive Advanced or Advanced+ certification. Norton participates in all three tests I follow from this lab and currently holds Advanced+ certification in all three. Avast, AVG, and ESET also achieved a trifecta with this lab.
AVLab Cybersecurity Foundation is the most recent addition to my lab collection. This lab tests antivirus apps against active malware attacks and reports a simple percentage score. Norton is among the three-quarters of apps that reached 100%.
With all the different scoring systems, it's hard to get a clear overall picture of an antivirus app’s lab results. I've devised an algorithm that maps all the results onto a 10-point scale and combines them to yield an aggregate score. That’s easy with Norton, since its all-perfect score collection clearly works out to a perfect 10 points. Also tested by five labs, Avast reached 9.6. Bitdefender, ESET, and Microsoft participated n testing with four labs and earned 9.8, 9.6, and 9.3 aggregate points respectively.
Malware Defense: Excellent Protection With One Weak Spot
Even when the labs return positive, plentiful results, I still like to get a feel for the program’s malware protection capabilities through my own hands-on tests. My basic malware protection test usually starts when I open a folder containing a collection of samples I collected and analyzed myself. In previous tests, Norton started examining these samples right away. The current edition scans files just before they launch or after downloading. To test this edition, I tried downloading all my samples from online storage.
Norton intercepted most of the samples during the download process. In some cases, it identified the file as a PUP (potentially unwanted program) and asked my permission to quarantine it. Oddly, it requested a restart to clean up several of them. That should only be necessary after a malware file has launched.
(Credit: Norton/PCMag)Only a dozen or so files made it through to the download folder, and when I launched those, Norton’s behavioral detection caught most of them. In the end, it detected 97% of the samples and scored 9.7 out of 10 possible points. Avast and AVG scored the same, which is not surprising, considering that all three use the same antivirus engine. The very best score among apps tested with this same malware collection goes to Sophos Home Premium, with 9.9 of 10 possible points.
For another kind of test, I maintain a second set of samples. These start out as copies of the main set, but I then tweak them mercilessly, changing the filenames, appending zeroes to change the file size, and overwriting non-executable bytes with arbitrary text. An antivirus whose signature-based detection is too restrictive may miss these. Some, including Aura, UltraAV, and ZoneAlarm, missed more than half. Norton aced this secondary test, catching all but two of the tweaked samples.
The hand-analyzed samples in my malware collection remain the same for quite a while because it takes me weeks to obtain and curate a new set. To see how each antivirus handles the latest malware, I start with a feed of recent URLs hosting malware from MRG-Effitas.
Even though the URLs are no more than a few days old, I usually find quite a few have gone dark since discovery. For those that still work, I note whether the antivirus prevents the browser from visiting the dangerous page, wipes out the malware payload, or does nothing at all. In summing up the results, I give equal credit for URL blocking and for download deletion.
(Credit: Norton/PCMag)Norton’s Browser Protection blocked dangerous URLs, reporting its action in a pop-up notification and leaving the browser to display an error message. Last time around, a few got past Browser Protection only to be stopped in the browser by Norton Safe Web, which replaced the dangerous page with a warning. This time, Browser Protection hogged all the glory.
Out of 100 verified malware-hosting URLs, Norton blocked access to just 4%. It wiped out another 70% during or immediately after the download, bringing the total to 74%. That’s a seriously poor score, especially given that Norton tends to reach (or come close to) 100%. Initially, I thought perhaps Safe Web wasn’t enabled, but my phishing protection test, described below, showed that wasn’t true. In addition, when I repeated the malicious URL test using the Web Shield built into Norton Private Browser, it scored 91%. I’m assuming Norton’s low score was a fluke—I’ll be watching for improvement next time.
Up at the top end of scores, near Norton’s usual position, Avira scored 100% in its latest iteration of this test. Aura, Emsisoft, Sophos, and UltraAV all reached 99%.
Phishing Protection: Flawless Defense Against Fake Sites
Writing a malicious program that can steal personal data without triggering antivirus defenses is complicated. Creating a website that looks like a major bank and hoovering up hapless netizens' login credentials who don't notice the chicanery is simple. Phishing fraudsters set up fake versions of financial sites, online games, and even dating sites, capturing as many passwords as they can before the sites are blocklisted. When one site gets busted, they just spin up another fake.
Yes, a clever consumer can learn to spot these fraudulent websites, but we can’t all be vigilant all the time. Antivirus assistance with phishing detection is most welcome.
(Credit: Norton/PCMag)Because phishing sites are so ephemeral, a successful defense can't rely solely on blacklists. For testing purposes, I gather reported phishing URLs from sites that track such things, making sure to include some that are too new to have been analyzed and blocklisted. I launch each suspected fraud in a browser protected by the antivirus I'm testing and simultaneously in Chrome, Firefox, and Internet Explorer, using just the phishing protection built into each browser. I discard any page that doesn't load correctly in all four browsers, and I verify that each page is a true phishing fraud, a fake version of a secure site that actively attempts to capture login credentials.
As with the malware-hosting URLs, Browser Protection caught most of the phishing frauds. In just a couple of cases, the page got past Browser Protection only to be caught by Norton Safe Web. Out of more than a hundred verified phishing pages, Norton fended off 100% of them. In a parallel test under macOS, Norton scored precisely the same. In both cases, it beat the built-in phishing protection in the browsers by a wide margin.
Norton isn’t the only app to hold a perfect 100% in this test—it’s one of almost a dozen. Among others with a 100% phishing score are AVG, Bitdefender, McAfee, and Surfshark One.
(Credit: Norton/PCMag)In past years, a Norton feature called Scam Insight has popped up to warn about pages that, while not actively fraudulent, request personal information and exhibit suspicious characteristics. I didn’t see this feature in action, but I did spot a couple of warnings about fake e-store pages and potential scams.
Smart Scan: Security Checkup Plus Performance Cleanup
Those familiar with security apps from Avast, AVG, or Avira have already encountered a smart scan offering. This scan checks multiple areas of your PC at once. For example, Avira’s smart scan checks for privacy issues, performance problems, malware, outdated apps, and network threats. Avast checks for malware, browser security problems, and junk files.
(Credit: Norton/PCMag)Norton’s Smart Scan starts with a quick malware scan. It follows that a network scan is useful, though admittedly more relevant in Norton’s suites that include VPN. The final segment is a scan for “advanced issues.” On my test system, this scan turned up many hundreds of performance issues. However, clicking to fix the problems simply brought up an offer to purchase Norton Utilities Ultimate. As with similar upsells in Avast and AVG, rejecting the fix prompts an offer for a free 60-day trial of the app.
Safe Search: Warnings Before You Click Dangerous Links
Norton encourages you to install Safe Search in all your browsers. In Safe Search’s results, you see green, orange, red, or gray icons next to the links. As you might guess, these identify safe, iffy, dangerous, and unknown URLs. You can click an icon to open a pop-up with more details, then click the pop-up to open a full report at the link.
(Credit: Norton/PCMag)Previously, the Safe Web feature extended markup to results from popular search engines such as Google and Yahoo. By observation, it no longer does so. According to its settings page, Safe Web marks up links in Twitter and Facebook feeds, as well as in web-based email. It doesn't clutter your feeds with icons, but it highlights any dangerous links in red. Pointing at a highlighted link triggers a pop-up warning, as seen in the screenshot above.
Private Browser: Stronger Web Protection for Safer Browsing
Those willing to switch from their favorite browser can gain additional security by using Norton’s Chromium-based Secure Browser. It comes with the password manager installed, as well as Norton Coupons. Norton Safe Web doesn’t appear because this browser’s built-in Web Shield takes its place.
Quite a few extras appear on the built-in Security & Privacy Center page, which has undergone a radical redesign since my previous review. The page is now divided into four regions: Browser Modes, Security Check, Settings, and Tools. In between the regular browser mode and the private mode (equivalent to Incognito in Chrome or InPrivate in Edge), there’s a mode called Screen Sharing. This mode hides sensitive browser elements so you can share your screen without risking a privacy breach. As for Security Check, it reports statistics on blocked phishing sites and intercepted dangerous downloads.
The Settings and Tools regions link to the same collection of features found in the previous version of this browser. They are: Extension Guard, Norton Security, Password Managers, Privacy Cleaner, Privacy Guard, Private Mode, and Web Shield.
(Credit: Norton/PCMag)While this looks like an impressive collection, most of these extras don’t offer much. Clicking Norton Security just opens the antivirus, and Password Managers pointlessly lets you swap between using Norton’s password manager and the browser’s built-in password feature or turn both off. As for Privacy Cleaner, it’s almost identical to Chrome’s Clear browsing data feature and can be accessed with the same Ctrl+Shift+Del key combo.
Extension Guard is a bit different. It promises to block untrusted browser extensions. Of course, these extensions would first have to pass the real-time antivirus. I didn’t find a way to test this feature.
I mentioned that Secure Browser doesn’t include the Safe Web extension that Norton provides for other browsers. Rather, its Web Shield component replaces Safe Web. Based on past experience, I did not assume that Web Shield and Safe Web would perform the same, so I repeated my malicious URL-blocking test using the private browser.
Similar Products
Our Current Picks for The Best Antivirus Software for 2026
(Credit: Norton/PCMag)I found that Norton protects against malware downloads in four ways. First, in some cases, Web Shield replaced the dangerous page with a big warning page. Not red like Safe Web—this one’s more of a chocolate brown. Second, the private browser simply blocked the download of some files. Clicking such a file in the downloads list revealed a simple note warning that it is dangerous.
(Credit: Norton/PCMag)The other two ways just involved Norton AntiVirus popping up to say it quarantined a dangerous file or blocked access to a dangerous website. I saw these two aplenty when I ran this test using Chrome with Safe Web.
This test is never exactly the same twice, as it always uses the most recent malware-hosting URLs. Still, it’s impressive that Private Browser scored so much better. It prevented access to 12% of the dangerous URLs and blocked the malware download for another 79%, yielding a total of 91% protection. That’s way better than the 74% score achieved by Chrome with Safe Web.
Out of all the Private Browser special features, Privacy Guard is the most significant. It’s an ad and tracker blocker with more flexibility than most. Out of the box, at its Basic level, it blocks items that “disrupt your browsing experience.” Notching up to the Balanced level blocks more ads, as well as social media ads. At the Strict level, it blocks ads, trackers, browser notifications, and browser fingerprinting.
(Credit: Norton/PCMag)Note that if you do select Strict blocking, the browser pops up a plea asking you to relent and not block “partners that fund us through…user-friendly ads.” For example, Bitdefender’s Anti-Tracker breaks down blocked ads by category and lets you choose its response at the category level. Tracker defense in the IronVest privacy tool shows which trackers it blocked and lets you exempt specific trackers or sites from its scrutiny.
Ransomware Defense: Strong File Protection With Some Limits
Quite a few security tools protect against ransomware by preventing all unauthorized programs from modifying protected documents. Panda goes further, even preventing unauthorized read-only access. Norton's Ransomware Protection feature prevents malicious programs from modifying documents in specified directories.
That's an important distinction. The more common protection against all unauthorized programs means you may have to add a new video editing suite or word processor to the trusted list. Norton leaves them alone because they're not malicious. By the same token, I couldn’t use my hand-coded test programs (an unauthorized tiny text editor and a file-encrypting ransomware simulator) because they’re not malicious.
To properly test Ransomware Protection, I had to use real file-encrypting ransomware. Norton's real-time protection eliminated all those samples on sight, so I turned off ordinary real-time protection, copied the samples back to the test system, and launched them one by one. After a couple of false starts, I found I had to turn off behavioral detection and exploit protection as well.
(Credit: PCMag)Two of my ransomware samples affect the entire disk: one encrypts it, and the other simply wipes all data. Norton’s ransomware protection is designed solely to prevent file encryption, so it did nothing against these.
Ransomware Protection detected all the file-encrypting samples except for two that didn’t take any action. In most cases, it reported that it prevented modification of protected files and asked for confirmation to block the responsible program. A few times, the activity reported involved trying to access browser credentials. In either case, choosing Block simply blocked the reported activity, without terminating the program involved. As a result, some triggered multiple warnings.
(Credit: Norton/PCMag)This type of protection only works with specific folders and file types. Every single detected ransomware sample managed to encrypt some files in unsupported locations or files of unprotected types. Shortcuts and applications aren’t protected by default, and some got whacked by ransomware. Files encrypted in unprotected folders ranged from just two to more than 24,000. Half of the detected samples posted ransom notes despite Norton’s efforts.
(Credit: Norton/PCMag)Some competitors rely on behavioral detection rather than limiting access. Bitdefender and Sophos proved particularly effective. Only one ransomware sample managed to encrypt files (just two) before Bitdefender whacked it, and Ransomware Remediation restored those two. If you’re going to rely on Norton for ransomware protection, review its settings to be sure it’s protecting all the folders and file types that are important to you.
Remember, this test takes place with all normal real-time protection turned off. Ransomware Protection normally works alongside other protective layers. The fact that it correctly protected my test documents from all but one of the samples is impressive.
Firewall: Advanced Network Security Without the Annoying Pop-Ups
Most security companies reserve firewall protection for their security suites, but Norton doesn't. This antivirus includes a full-scale firewall that protects against external attacks and prevents local programs from misusing your internet connection.
The first personal firewall utilities relied entirely on the user to decide whether a given program should be allowed to connect to the network. Typically, they'd bombard the poor user with overly detailed queries. Should IAmNotACrook.exe be allowed to connect with 13.32.230.40 using port 1968? Back then, some hapless users just clicked Allow every time. Others clicked Block every time until doing so broke something important—then they switched to clicking Allow every time.
Relying on the uninformed user for these important security decisions isn't smart. Instead, Norton uses a large online database to configure network permissions for a wide range of known-good programs. Of course, known bad programs get quarantined on sight.
As for unknowns—programs that don't fit either category—Norton's behavior-based detection system puts them under heightened scrutiny. If it finds that the unknown program is misusing its network connection or otherwise misbehaving, it quarantines the program, where it belongs. Webroot likewise puts unknown programs under enhanced scrutiny, but it also journals all program actions and rolls them back if the program proves to be a stinker.
(Credit: Norton/PCMag)Firewall settings are deliberately buried, not immediately visible. You must choose Security from the left-hand menu, click the Advanced Security panel, and then click Smart Firewall. Since the average user shouldn’t touch these settings, this makes sense.
For testing purposes, I set the firewall to prompt about new programs rather than automatically configure their permissions. The pop-up query flags apps as having a digital signature or not, and as being trusted or not. You choose whether to allow or block the connection. By default, your choice affects every connection by the program in question, but you can limit it to only outgoing connections or only a specific port. By default, your choice is recorded as a rule and persists forever, but you can choose to make it a one-off or have it persist only until a reboot.
Fortunately for most users, firewall pop-ups are very rare. I did manage to see one without tweaking firewall settings. My tiny hand-coded test browser got a warning because it’s not digitally signed and because Norton’s vast network has seen it very few times. As with the firewall in ZoneAlarm Extreme Security, pop-up alerts are rare. If you see an alert from the firewall, pay attention because it’s an unusual occurrence.
(Credit: Norton/PCMag)It’s always possible you might make a mistake responding to the firewall pop-up. Even if you didn’t hit Allow when you meant Block (or vice versa), there are several other configuration choices. Never fear; you can always dig into the Program Control list within the main Norton app and fix any errors.
Firewall protection and security suite protection in general aren't much use if a malicious program can turn them off or kill them. I always run a simple sanity check, trying various methods to shut down protection using techniques available to a malware coder. Norton doesn't expose important settings in the Registry, so I couldn't just find the protection switch and change On to Off, the way I did when I evaluated G Data Internet Security.
(Credit: Norton/PCMag)I found a baker’s dozen of processes running to support Norton’s protection, but I couldn’t terminate any of them—I got an Access Denied message every time. Even the update proceed for Private Browser was protected. Looking at Norton’s essential Windows services, all but one had the option to stop the service disabled. Trying to stop the remaining one caused a big warning notification, requiring user permission to stop the service. When I attempted to change any of them to launch in a disabled state, I got Access Denied once again. Protecting essential processes and services makes sense, but not all firewalls manage it.
(Credit: Norton/PCMag)Most users should leave firewall settings strictly alone, but a quick look doesn't hurt. A peek reveals settings for the Wi-Fi Security feature that go way beyond merely notifying you when you connect to unsecured Wi-Fi. Norton actively hunts down and foils man-in-the-middle attacks, DNS spoofing, content tampering, and other network-based threats.
Advanced Settings: Powerful Tools for Power Users
As noted, you can access the firewall component's settings on the Advanced Settings page. This is also where you configure ransomware protection and Safe Web. Keep digging, and you’ll find there’s a lot more to advanced settings.
Sandbox: Run Suspicious Apps Safely
The Sandbox feature is a virtual environment that lets suspect programs run without making any permanent changes to your computer or files. You can right-click any program and run it in the Sandbox for a quick look or set it to permanently run in the Sandbox. When you shut down the sandbox, all actions by the iffy program vanish. By default, sandboxed programs can access the internet and download files that don’t vanish, but you can remove these privileges. Really, though, for most users, the best way to handle a suspect program is just to delete it. I don’t imagine this feature gets much use.
Exploit Protection: Shields Against Vulnerability Attacks
Alongside firewall protection, Norton offers exploit protection, typically a suite feature, at the standalone antivirus level. This component monitors network traffic for patterns matching exploit attacks and blocks them below the browser level. The regular antivirus component also watches for files related to exploits.
(Credit: Norton/PCMag)This test uses exploits generated by the CORE Impact penetration tool. I launch about 30 exploits against the test system and note the security utility’s response to each. Norton’s scores have varied wildly in past tests. Its detection rate has reached 85%. In the current test, it detected and identified 15% of the exploits by their official CVE names and flagged another 10% with a more generic description, for a total of 25%. Scores on this test have generally been trending downward. The best recent scores go to G Data, Vipre, and Bitdefender, all over 50%.
That’s not to say the exploits breached my test system. Even the exploits that weren’t caught didn’t succeed, as the vulnerabilities have been patched. It’s possible that Norton has dropped detection of older exploits whose targets are no longer current.
AI Agent Protection: Security for AI Coding Tools and Agents
New to advanced settings since my last review is AI Agent Protection. On the page, it states that it “keeps your AI tools safe,” specifically Cursor, Claude Code, and OpenClaw. That’s true, but it’s not really part of the antivirus. Clicking to set up protection takes you to an online project called Sage, which, like Norton, is owned by Gen Digital.
(Credit: Norton/PCMag)I’m not the AI expert, so I can’t really test this, but I checked in with colleagues who have more experience. PCMag's AI analyst, Ruben Circelli, notes that the problem of LLMs accessing dangerous URLs and performing dangerous actions is undoubtedly real. He did express concern that the protective layer might “burn a lot of tokens.” Other members of our AI team noted that CrowdStrike’s AIDR (AI Detection and Response) tool is similar, and that the field of security add-ons for agentic AI is growing.
If you’re just an average consumer, you’re not going to get anything out of this feature. And if you do work with agentic AI, you can use Sage without having to purchase Norton’s antivirus. It seems to me that the purpose behind adding this feature to the antivirus is simply to get people thinking about the need for security with agentic AI.
Cloud Backup: Basic But Useful Protection Against Data Loss
The current Norton lineup offers online backup at every level, starting with the standalone antivirus reviewed here. Granted, you get just 2GB of online storage with the antivirus, but that may be enough to back up your most essential files. Backup serves as the ultimate security against ransomware and any other destructive attacks that might get past antivirus defenses.
(Credit: Norton/PCMag)For many, many years, Norton offered both local backup and online backup, but with the change to the current user interface, it dropped local backup. That change limited the usefulness of the backup system, especially with just 2GB of cloud storage. Longtime users complained to me that they couldn’t add new files to local backups and that the restore feature was disabled. Never fear, fans—local backup is back! I’ll discuss it in detail below.
(Credit: Norton/PCMag)Each of your Windows devices gets its own online backup, activated automatically during installation. By default, it backs up Desktop, Documents, Music, and Pictures, but you can add any other folders where you store important files. Digging into settings, you’ll see that backup isn’t limited to these folders. It automatically backs up contact information, notes (though it doesn’t define what notes are), and files containing sensitive information, such as banking details and passwords. By default, Norton automatically syncs your backup set once a day. Your only scheduling option is to disable automatic sync and back up manually.
The old backup system maintained multiple file versions, allowing you to go back to an earlier version as needed. By observation, the new system does not. If a damaged version of a file gets backed up, you can’t recover an earlier version.
(Credit: Norton/PCMag)As noted, Norton previously released a version that totally omitted local backup. Perhaps in reaction to user complaints, the devs brought back local backup. Creating a local backup job (you can have more than one) is simple. Give it a name and specify the location, which can be a local, network, or removable drive. Select the files and folders that should be backed up. Save the job. You’re done! Just remember to run the local backup regularly, since I couldn’t find a scheduling system.
(Credit: Norton/PCMag)Restoring backed-up files is still simple. Choose the files or folders you want to restore and pick a destination for the restored files. By default, they go to their original location, potentially overwriting existing copies, but you can select any folder you like for restored files.
Norton’s suites offer significantly more storage for backups, ranging from 50GB for the Norton 360 Deluxe suite to 500GB for the top-tier Norton 360 With LifeLock Ultimate Plus. However, at all levels, the current version’s backup capabilities are somewhat diminished, with no more multiple backup jobs and no version management.
Software Updater: Automatic Patching for Better Security
It may not be obvious, but keeping software up to date is a security issue. Hackers poke and prod popular programs, looking for security weaknesses and exploiting them to enhance the malware they code. Developers of these programs respond by working up a patch for the security hole. And you get absolutely no benefit from that patch unless you install the update.
Norton’s Software Updater component used to be a separate app, but it’s now integrated. You reach it by clicking the corresponding panel in the My Norton list on the right side of the home screen.
(Credit: Norton/PCMag)After a quick scan, the Software Updater reports on any programs that need your attention, flagging each with a risk level. On my test system, it found six programs with available updates. You really don’t have to worry about those risk levels, though. Just click the Update button beside each item and sit back while Norton does the work. During testing, I found that most updates required a restart to complete their work.
Once you’ve addressed any missing updates, consider flipping the Auto-Update switch. In this mode, Norton periodically checks for available updates. For supported programs, it installs the update automatically; for others, it lets you know that attention is required.
Norton Genie: AI-Powered Scam Detection
The free Norton Genie for mobile devices has been around for several years. Now it’s available right inside Norton AntiVirus. Norton wants to make sure you notice this addition, so you’ll get a prompt soon after installation.
(Credit: Norton/PCMag)Clicking the link in the invitation takes you to the Scam Protection page. You can also reach that page at any time from the Security page—it’s one of the options in the bottom part of the window.
(Credit: Norton/PCMag)The main focus of Scam Protection is the Genie link at the top. Here you can present an image of a suspect message or text, drop in a YouTube link to check for deepfakery, or just ask Genie a question. The deepfake checking is in “early access” mode, which I take to mean it’s in beta. When I tried it with a well-known fake of President Obama, devised by Jordan Peele, it deemed the clip safe, free of malicious content. That’s reasonable, given the point of the clip is to show the dangers of deepfakes. Alas, I don’t have a real malicious deepfake video handy for testing.
(Credit: Norton/PCMag)This page also reports on Safe Web activity and links to Private Browser. It offers a link to install Safe SMS protection on your phone. The latter means Norton filters your text messages and flags scams before you even see them. You’ll find another set of interesting features listed: Safe Call to block scam phone calls; Safe Email to filter out scam emails, Scam Support from experts if you need it; and Scam Reimbursement to cover up to $10,000 in scam losses. However, none of these are available unless you pay extra for Scam Protection Pro.
Performance Tools: Useful Extras to Keep PCs Running Smoothly
You can also reach the Software Updater from the Performance page, which also presents File Cleanup, Startup Manager, and Optimize Disk.
(Credit: Norton/PCMag)Many programs are configured to launch every time you boot up the computer, and it doesn't always make sense to have them sucking up system resources when you're not using them. Norton's Startup Manager, launched from the Performance page, lists startup programs along with information on resource usage and prevalence in the Norton community. You can either disable a program so it doesn't launch at startup or set it to launch after a small delay.
(Credit: Norton/PCMag)Modern Windows versions work in the background to undo the disk fragmentation that naturally occurs as you create and delete files. Even so, Norton offers its Optimize Disk feature on the Performance page. When you launch this component, it first analyzes the drive for fragmentation and proceeds only if defragging would be worthwhile.
If your PC seems sluggish, try launching the File Cleanup tool, but don't expect the thorough cleaning you get with a full-scale tune-up utility. The cleanup component simply deletes Windows temporary files and browser temporary files.
Final Thoughts
(Credit: Norton)
Norton AntiVirus Plus
Norton AntiVirus Plus is a highly effective antivirus that combines top-tier malware protection with a strong firewall, backup tools, ransomware defenses, and extra security features that make it worth the cost for anyone who wants more than basic antivirus coverage.