McAfee AntiVirus: The Good and the Bad

  • PROS

    • Security for all your Windows, macOS, ChromeOS, Android, and iOS devices
    • Excellent scores in our hands-on tests
    • Virus protection pledge
    • Protection Center encourages improving security
  • CONS

    • Antivirus missed one modified ransomware sample
    • Several long-standing features slated for removal
    • Very slow full scan on Windows
    • Protection Center not fully functional without suite-level features
    • Mac edition lacks many features found under Windows


Application Privacy Scan×
Behavior-Based Detection
Blocks Unwanted Calls×
Malicious URL Blocking
On-Access Malware Scan
On-Demand Malware Scan
Pairs With Android Wear×
Phishing Protection
Rates Apps in Play Store×
Snaps Photo of Thief×
Vulnerability Scan
Warns of Insecure Wi-Fi
Website Rating

Not just Windows-based computers need antivirus protection; all of your devices do too. Therefore, selecting an antivirus that is compatible with all popular platforms makes sense. It also makes sense to select one that doesn’t place a cap on the number of devices you can secure. That kind of program, like McAfee AntiVirus Plus, is exactly what a multi-device household needs.

Although many of its features are scheduled for removal, it comes installed on Windows and offers many features beyond simple antivirus. A significant number of features have also been removed from the completely redesigned mobile apps. This modification is in line with McAfee’s recent emphasis on safeguarding your identity over your devices, but you won’t fully benefit from this emphasis until you use the company’s security suite products. Nevertheless, McAfee AntiVirus Plus provides excellent protection for all of your devices, earning it the Editors’ Choice award for antivirus software.

What Is the Price of McAfee Antivirus Plus?

Unlimited McAfee licenses cost $64.99 per year, up $5 from the previous price of $59.99. This implies that you can add security to every piece of technology in your home. Windows, macOS, Android, and iOS have all long been supported by McAfee. The most recent version adds security for laptops with ARM processors and ChromeOS devices. One of the few other security programs that supports ChromeOS is Trend Micro Maximum Security.
Ten licenses may be mentioned in descriptions on the McAfee website or on product boxes. Relax, you truly receive an unlimited number of licenses. According to my McAfee contacts, “unlimited” confuses some customers when lining up against other product boxes in a store, so they choose to display the number 10 in its place.

Unrestricted licensing is unusual. The majority of rival businesses offer subscriptions for one, three, five, or ten licenses. For instance, paying a little less per month than McAfee gets you ten licenses from Sophos, three from Bitdefender, ESET NOD32 Antivirus, or Kaspersky Anti-Virus, and just one from Norton. You can purchase a one-device license for several antivirus programs, including Bitdefender, Webroot, and Trend Micro, for about $40 per month. McAfee’s pricing beats them all with unlimited licenses.
Naturally, you effectively have an unlimited license when using a free antivirus. For instance, Avast One Essential, a streamlined version of Avast One, is free and offers protection for all four well-known platforms.


How to Install McAfee AntiVirus Plus

You must first activate your license key online before you can install McAfee. You receive a McAfee Virus Protection Pledge if you set up your account for automatic renewal. In other words, if any malware manages to bypass the antivirus, McAfee experts guarantee to remotely fix the issue; this service typically costs $89.95. In the unlikely scenario that the professionals are unable to remove the malware, the business will refund your purchase price. Both Norton and Check Point ZoneAlarm Extreme Security make a comparable guarantee.

Now that the housekeeping has been taken care of, the product can be downloaded and installed. I’m glad I didn’t have to hold the installer’s hands throughout the installation. Once installation is complete, the product immediately begins to protect you. During testing, I did experience a bug, which my McAfee contacts traced to a transaction with my Comcast Xfinity ISP. It’s not ideal that the installation could only be finished while I was connected through a VPN.

Since selling off its enterprise business unit, McAfee has solely focused on serving customers. That focus is one that its architects and planners take very seriously. To support that new focus, McAfee AntiVirus Plus underwent a complete makeover, and since my previous review, it has undergone additional changes. Even so, a banner at the top of the main window still offers helpful details about recent events or necessary actions. Instead of three panels for PC, Web, and Identity below that, there are now six panels. These are Tracker Remover, Protect More Devices, Check your Protection Score, Browser Security, and Secure Apps.

A straightforward set of icons for Home, My Protection, Protection Score, Account, Help, Settings, and Feedback can be found on the left side of the main window. Below, I’ll go over the Protection Score system. A menu of all available protection features is displayed when you select My Protection.

The Android and iOS mobile apps have both undergone similar updates since my previous review. Instead of three apps, McAfee’s security has been incorporated into one. Mac users must make do with the outdated interface for the time being. A planned update, according to my contacts at the company, is not a top priority.

Excellent Lab Results

I follow four independent antivirus testing labs that regularly publish reports on their findings. Three of the four currently include McAfee when they round up products for testing, which is a good sign. It means that they consider it a significant product, worthy of their testing efforts. McAfee’s test scores range from perfect to merely good.

Testing experts at AV-Test Institute rate antivirus products on how well they protect against malware, how light a touch they have on performance, and how little they interfere with usability by wrongly flagging valid programs and websites as malicious. An antivirus can earn six points each for Protection, Performance, and Usability, for a maximum of 18 points. McAfee earns that top score in this lab’s latest test. But then, more than two thirds of the tested products hit that mark, among them Avast, Kaspersky, and Norton AntiVirus Plus.

Researchers at SE Labs use a capture and replay system to challenge multiple antivirus tools with identical web-based attacks. Products can earn certification at five levels, AAA, AA, A, B, and C. In the latest round of testing, all the tested products receive AAA certification, McAfee among them. Other products that reach the AAA level include Microsoft, Norton, and Webroot SecureAnywhere AntiVirus.


Three of the tests that AV-Comparatives regularly publishes are the ones we track. Products are certified as Standard after passing a test. Successful candidates may receive an Advanced or Advanced+ rating. Norton and McAfee both receive one Standard and two Advanced+ certifications. In the most recent reports from all three tests, Avast, AVG, and Bitdefender Antivirus Plus are the only products to receive an Advanced+ rating.

I’ve created an algorithm that converts each lab score to a scale of 0 to 10, producing an overall lab score from 0 to 10. The overall rating for McAfee is 9.7, which is excellent. Among the three labs’ tested products, Kaspersky performs slightly better, earning 9.8 points, while AVG and Bitdefender both score a perfect 10. Avast received the highest rating (9.6) among the few products that were examined by all four labs.

Excellent Results in Our Tests for Malware Protection

I test every antivirus program personally for malware protection in addition to comparing the outcomes from independent testing labs around the world. Hands-on testing is necessary because some of the products I test don’t appear in any of the lab reports. This procedure gives me the opportunity to see antivirus protection in action, even for a product like McAfee that has been examined by three labs.

I begin by opening a folder containing a selection of malware samples that I have manually gathered and analyzed so that I am aware of the potential harm they can cause. The minimal access that occurs when Windows Explorer checks the file’s name, size, and other details is sufficient for many antivirus programs to start an on-access scan. I had to launch each sample and observe McAfee’s response because it doesn’t scan until the sample is launched.

When McAfee was put to the test using the most recent malware collection, it detected nearly every sample right away. In the majority of cases, I observed a Windows error message followed by a warning that McAfeee had quarantined a threat. After launch, it caught the remaining samples, though it only completely prevented one installation. McAfee outperformed almost every other product tested with the current sample set, detecting 98% of threats and scoring 9.7 out of 10. G Data Antivirus, ZoneAlarm, and Norton all scored 9.8 points, with Norton taking the top spot.
I don’t switch to a new set of samples very frequently because it takes a lot of time to gather, organize, and analyze a new set. I use a feed of the most recent discoveries from MRG-Effitas to get a perspective on how antivirus programs currently handle malware that is out in the wild. This feed consists of a simple list of URLs that host malware that have recently been found in the wild. The list is fed into a quick program that launches each URL and makes it simple to note whether the antivirus prevented access to the URL, stopped the malware download, or did nothing.


The WebAdvisor feature of McAfee blocked 10% of the URLs in a number of different ways. For some, it sent the user’s browser to a warning page labeled Risky or Suspicious. Others found that it prevented their browsers from even starting, alerting them that “something was trying to hijack one of your apps.”

The download stage was reached by the remaining 90%, at which point McAfee slid a banner into the browser and declared its intention to scan the download “just to be safe.” Only a few times did it ask my permission to block a download that appeared to be dangerous, and each time I said yes. 93% of the URLs were altogether blocked by McAfee at the download stage, or 83% of them.
That sounds pretty good, but McAfee consistently scored 100% in many earlier tests. When tested using the same set of URLs, Norton’s score decreased from 100% to 94%. Sophos, Trend Micro, and ZoneAlarm received the highest scores in their most recent malicious download tests, all with 100% protection.

Scheduling and Scans

You should always perform a full scan after installing a new antivirus. The duration of the preliminary scan varies considerably. This time, McAfee took the longest of the currently available products—more than two hours and 53 minutes—to finish its initial full scan. That’s not surprising because the last time I tested it, it took well over two hours. The initial scan’s optimization enabled a subsequent scan to complete slightly quicker—in two hours and 16 minutes.

The majority of competing products took less time to scan initially, and many improved even more on a second scan. For instance, Trend Micro reduced its scan time from 93 to 3 minutes, and Vipre Antivirus Plus’ second scan took 16 instead of 100 minutes to complete.
In theory, real-time antivirus should be able to handle new threats, so you only need to perform that laborious full scan once. However, as a second line of defense, McAfee plans a thorough scan every two weeks. Change to scanning once per week or once per month, or make up your own unique schedule.

Effective Phishing Defense

The creation of a Trojan that can steal user account credentials necessitates the invention of methods for evading multiple antivirus layers and the operating system’s built-in security measures. That is only the beginning and is not an easy task. To find those credentials and call them home, the Trojan still needs code. Simply tricking the user into disclosing their credentials is much simpler. Phishing is also platform-independent. Whether it’s a Chromebook or a gaming console, any device with a browser has the potential to be your undoing. Even if you are skilled at spotting these frauds, it only takes one slip-up.

Phishing scammers build websites that impersonate sensitive websites and disseminate links via spam, malicious ads, and similar tactics. No secure website is safe—bank websites, online casinos, dating websites. You have given the scammers access to your account if you log into the fake website. Such websites are quickly blacklisted, but the criminals simply create new ones.

I test using the most recent phishing sites that have been reported and scraped from websites that track them because phishing pages are ephemeral. I make sure to include reported frauds as well as those that have been verified but have not yet undergone analysis. As a result, the antivirus is under pressure to heuristically scan websites for frauds rather than relying on a blacklist that is constantly out of date.

I open each URL simultaneously in four different browsers, beginning with the first that is tested to be protected. The security features of Chrome, Firefox, and Microsoft Edge are relied upon by the other three. I go through hundreds of reported phishing URLs, eliminating any that one or more browsers can’t access and any that aren’t verifiable frauds involving the theft of credentials.

I had the exceptional chance to test a number of Windows and macOS products using the exact same set of phishing URLs. Avira increased from 91% to 96%, while McAfee decreased from its previous 100% score to a respectable 94%. With 100% detection in their most recent tests, Bitdefender, Trend Micro, and ZoneAlarm are at the top of the list.

At the same time, I conducted my phishing test using McAfee’s macOS version. It is obvious that this is not using the same software as the Windows version. It received a slightly higher score—97%—but there were clear differences in how frauds were handled and how missed sample counts were allocated. Additionally, the information page that appears after steering the user away from a phishing scam is simply broken and contains no helpful information.

evaluating ransomware defense

The ransomware protection feature of McAfee is not readily apparent. It’s merely an additional layer of protection in real time. According to McAfee, the antivirus monitors a ransomware attack’s behavior if the regular security doesn’t detect it. It creates protected copies of those files and intensifies its vigilance at the first inkling of an attempt to encrypt files (what McAfee refers to as “file content transformation”). It quarantines the program and restores the files from backup when it is certain that the program is actually ransomware. Similar activities are performed by Trend Micro Antivirus+ Security.

When it’s feasible, I disable real-time protection and only activate the ransomware component to simulate the zero-day potential. However, similar to Trend Micro, disabling real-time protection also turns off the ransomware component.

I keep manually altered versions of each sample so I can test how flexible malware detection is in real time. McAfee, however, also blocked all modified versions. I produced a fresh batch of modified samples that were marginally unique from the prior batch and thus had never been precisely observed before. Four of the twelve samples were identified by name by McAfee as ransomware. Seven more were discovered to be generic malware. And yes, there is still one that it completely overlooked. My test system was ripped apart by the ransomware, which encrypted everything from desktop shortcuts to the contents of the Documents folder. That surprised me.

For another perspective on McAfee’s abilities to combat ransomware, I turned to KnowBe4’s RanSim ransomware simulator. This tool simulates 10 real-world ransomware scenarios and employs two safe encryption methods. The launcher and data collection parts of RanSim were initially placed in quarantine by McAfee. However, it appears that the exclusion list does not apply to the component that reports “We stopped something dangerous” even after I restored them, added them to the exclusions list, and tried again. It is frequent to discover that my antivirus software prevents me from running RanSim.

In this straightforward test, McAfee showed that it is capable of identifying ransomware as such, despite typically just classifying it as generic malware. But it’s concerning that even with all antivirus components turned on, it missed one modified sample.

Discreet Firewall

Firewall protection is typically only included in full-featured security suites, but McAfee includes it right in the standalone antivirus. During testing, the firewall successfully concealed every port and held off the web-based assaults we launched at it. This test only matters if a third-party firewall fails it because the built-in Windows Firewall can accomplish the same thing.

Those of us who have been around for a while still recall the early personal firewalls and their frustrating, confusing queries. Allow or block SpecialMaster.exe from connecting to URL on port 8080? Ever or just once? Simply put, consumers lack the expertise to respond to those queries. Some always permit entry. When they break something, others always click block before switching to allow. It is an inefficient system.

McAfee does not rely on the inexperienced user to make these decisions, like Norton, Bitdefender, and other security software. The firewall makes decisions on its own in Smart Access mode by default. If pop-ups make you nostalgic, go into the settings and switch Smart Access to Monitored Access. Not at all. Yes, there are numerous configuration and fine-tuning options for the firewall, but the average user should avoid using them.

Since I am not a typical user, I did experiment with some of the settings. I enabled Monitored Access and observed that the firewall duly prompted me for action whenever a seriously off-brand browser (one I had written myself) attempted to connect to the internet. I could either block access completely or allow it once. I was a little taken aback to see that Opera and Windows Defender SmartScreen were also asked if they could access the site, but once again, most users should disregard this feature.

If a malware coder can design an attack to disable a firewall, then the protection it provides is of little use. I attempt to disable protection using methods that a programmer could use as part of routine firewall testing. Since McAfee prevents any modification to the Registry data it adds, I was unable to disable protection by adjusting the thousands of values and hundreds of keys it adds.

The software had 14 processes, which I attempted to kill, but it kept them all alive. Its seven essential Windows services were all protected, but I was able to halt and disable the WebAdvisor service and the other two. It is obvious that developers understand how to safeguard processes and services. Why not give them all protection, as I’ve argued in numerous prior reviews?

Features That Are Leaving

Some hackers use their skills to identify security flaws in widely used applications or even operating systems and then use those flaws to develop security-breaching attacks. Software companies close these security gaps as soon as they can in opposition to them. However, unless you, the user, apply those security patches, the security defenders’ diligent work is useless. The vulnerability scanner by McAfee alerts users to products that require security updates. On the home page, select Secure Apps to access it.

When possible, McAfee Antivirus Plus automates the update process, just like Avast One and Avira Total Security Suite. Simply select the Install Updates button, then relax. You are still better off for the ones it did automatically fix even if it can’t automate the installation of one or two updates and you have to manage the update yourself.

But none of that matters because you won’t have access to this component for much longer. This feature will be eliminated beginning in September 2022 to make room for new types of protection, according to an informative banner on its page. Additionally, the My Protection list on the left menu, which can be opened to access the App Boost and Web Boost features, will soon be discontinued.

My Home Network is a network feature that McAfee has long bragged about. It used to be able to pair computers with McAfee protection for remote management and identify network devices without McAfee protection, but those features have since been dropped. My Home Network is currently scheduled for removal as well.

It makes sense that McAfee would decide to get rid of features that are hard to maintain or don’t get much use. I enquired about the “new types of protection” that would take the place of the departing features with my company contacts, but they were forbidden from answering.

Extra Security Measures

It is not a standalone feature; instead, clicking Browser Security from the main window simply takes you to the Web protection page of McAfee’s multipurpose security report. Dedicating a button to this feature seems like a waste of screen space.
You can get more assistance by selecting Tracker Remover. Despite its name, this feature has nothing to do with preventing tracker elements from appearing on websites. Instead, it removes data from your computer and browser that could be used by a spy to profile your behavior. It can, among other things, delete broken shortcuts, clear the history of Windows, and remove temporary files from system files. You can select individually for Chrome, Edge, Internet Explorer, and Firefox, or you can let it clear cookies, cache, and history across all of your browsers.

It reports how much space you could save by cleaning up once a scan is complete. Although you can delve into the specifics of what the scan turned up, most users should just move on to the cleanup stage. Though McAfee schedules Tracker Remover scans automatically, nothing is ever removed without your consent.

WebAdvisor is the most important and useful part of McAfee’s web-level protection, despite not being visible on the home page. You’ve seen that WebAdvisor can direct the browser clear of websites that host malware as well as phishing scams. The browser extension can also mark up search engine results so you can see whether a site is safe, dangerous, or untested before you even click on it.

McAfee actively encourages you to install its Secure Search engine, which is how it marks up results by default. You must make a minor setting adjustment if you want to continue using Google, DuckDuckGo, or another well-known engine. Choose “Tell me if a search result is safe in any search engine” by clicking the toolbar icon for the WebAdvisor extension, selecting the home icon up top, and scrolling down.

By default, WebAdvisor marks up risky websites on well-known social media platforms. It specifically defends Twitter, YouTube, Reddit, Linkedin, Facebook, and Instagram. The same WebAdvisor settings page allows you to enable or disable this feature, but I advise leaving it on.

A ransomware attack feels violent and unsettling, similar to being held for ransom. Attacks known as cryptojacking are much more cunning. When you visit a website, it uses your system resources to mine for Bitcoin or another cryptocurrency as part of a distributed system. Keep in mind that mining for bitcoin is completely legal. Bitcoin and other cryptocurrencies are produced through mining. The issue arises when a website or software program secretly uses your computer’s resources to mine cryptocurrency for another party.

The Cryptojacking Blocker, which relies on WebAdvisor, prevents these websites from syphoning off your resources. When cryptojacking code is discovered, it suppresses it and slides in a banner describing what it did. You can choose to allow the website to use your resources without restriction. Why would you act that way? because a small number of websites openly rely on cryptocurrency mining as a source of income rather than advertising.

Partially safeguard your identity

There are various sections within the My Protection menu. Seven features are available in the Protect your PC section, including access to the firewall and antivirus scans. You can find Browser Security, Web Boost, and Tracker Remover under Protect Yourself on the Web. You might be disappointed to discover that the only option listed under Protect your identity is a secure deletion File Shredder. There are many more items in this category in the suite products.

In Windows, deleting a file simply moves it to the Recycle Bin, where anyone with access to your computer can retrieve it. Your deleted file data is still accessible for forensic recovery on your disk even after you bypass or empty the trash bin. To prevent forensic recovery, the File Shredder tool overwrites files before deleting them. There are three different shred types available, each with a different number of overwrites before deletion. The overwrite limits for Basic are two, Safe is five, and Complete is a whopping ten. You can permanently delete any file or folder you want by shredding the Recycle Bin, Temporary Internet Files, or any other file or folder. You can also right-click any file or folder and select Shred from the menu that appears. The menu option can be easily found thanks to a McAfee icon.

When used in conjunction with a file encryption tool like the File Lock feature of McAfee Total Protection, secure deletion is especially crucial. The plaintext originals could be recovered using forensic hardware or software if you don’t completely delete them. Further, after an encryption job, Kaspersky Plus will automatically offer to shred the originals.

Security Score and Security Center

An online version of McAfee’s Protection Center can be accessed by clicking the circle icon for Protection Score in the left-rail menu. The Protection Score idea is straightforward. You receive a score between 0 and 1,000 along with suggestions for how to raise it. According to McAfee’s studies, more than half of users would take advantage of a straightforward opportunity to raise their score, improving their security and identity protection in the process.

However, the majority of the room for improvement is in the area of identity protection, which belongs to McAfee’s suite of products. After a few insignificant things, I found myself staring at the greeting, “Hello! To raise your score, complete 0 tasks.

The Protection Center provided links for me to download and set up McAfee’s VPN and parental control products, which only served to further my confusion. My contacts at McAfee confirmed that this is a mistake that will be fixed. When I discuss the McAfee suite of products, I’ll come back to Protection Center.

Comprehensive Defense

Although McAfee AntiVirus Plus doesn’t achieve the highest possible score, it does well in both our in-house tests and those conducted by independent testing labs. Installing it on Windows provides the most complete protection, though some venerable features are scheduled for removal. With the Protection Score front and center as an incentive to improve, McAfee’s emphasis on protecting the customer’s privacy, identity, and devices led to a transformation of the Android and iOS apps. However, as a result of that change, the Android app lost anti-theft and a few other features. In comparison to Windows, the Mac feature set is still limited. The good news is that this suite now supports Chromebooks and laptops with ARM processors. One subscription covering all of your devices elevates McAfee to the level of Editors’ Choice.

McAfee’s unlimited licensing turns out to be a sweet deal in a contemporary household with a diverse range of platforms. However, you might prefer one of our other Editors’ Choice winners if what you require is antivirus protection for a specific number of PCs. Bitdefender Antivirus Plus boasts a wide range of practical bonus features and consistently receives top ratings from independent labs. The smallest antivirus available is Webroot SecureAnywhere AntiVirus, which also has a unique journal and rollback system that can even repair ransomware damage. Your decision should be based on precisely what you want to safeguard.

  • PROS

    • Security for all your Windows, macOS, ChromeOS, Android, and iOS devices
    • Excellent scores in our hands-on tests
    • Virus protection pledge
    • Protection Center encourages improving security
  • CONS

    • Antivirus missed one modified ransomware sample
    • Several long-standing features slated for removal
    • Very slow full scan on Windows
    • Protection Center not fully functional without suite-level features
    • Mac edition lacks many features found under Windows

Leave a Comment

Your email address will not be published. Required fields are marked *