Heimdal Review – A Down-To-Earth Antivirus

Heimdal Security, despite the Norse-mythology-inspired name, is as down-to-earth as a cybersecurity company can be. Yet another player in this highly competitive market, it has been around since 2011. However, it has only seen significant growth in recent years, during which it also collected a couple of prizes:

  • The 2016 award for the Most Educational Security Blog
  • A nomination for the Anti Ransomware Solution of the Year 2017, from Computing Security Awards
  • The award for the Anti Malware Solution of the Year 2018, from the same Computing Security Awards

These awards and nominations speak for the company’s evolution and focus. Clearly, they don’t just develop traditional antivirus software. And they don’t mind walking the extra mile to educate their customers and keep them safe. In fact, according to their stats, over 600,000 users and 5,000 companies have chosen Heimdal in the fight against cybercriminal attacks.

If you’re wondering what the Heimdal solutions consist of and whether you should give their products a try… Stick around to find out more from our Heimdal antivirus review.

Image of Heimdal Antivirus Software Ratings

Meet Thor, Heimdal’s security solution

The Heimdal portfolio includes security solutions for both home and business use. There is this free antivirus version for home use (Heimdal Thor Free), followed by three different product branches:

  • Thor Premium
  • Thor Foresight
  • Thor Vigilance

All three can be purchased either for home or for enterprise use. But contrary to what you might expect, these aren’t upgraded versions of the same package. Thor Foresight and Thor Vigilance are two product branches that can be purchased separately and run simultaneously.

  • Thor Vigilance is advertised as the reactive protection mechanism. It is the actual antivirus engine that steps in whenever a threat is found in the system. And it offers an interesting selection of scanning profiles.
  • Thor Foresight is supposed to act as a proactive security solution. It steps in, by default, to filter cyber threats and prevent them from reaching the system. But, should the threat have already sneaked in… It will team up with the antivirus, playing a significant role during and after the attack.
  • The Thor Premium package, in turn, is a security suite that offers everything that Foresight and Vigilance bring separately. By offering both proactive and reactive solutions, it should offer full protection. By full, we mean everything from guarding financial and personal information to fighting malware and other security exploits.

Buyers can, of course, opt for only one product and decide later if they need to add anything else. The main offer consists of purchasing a license for one year, with the possibility to install it on three PCs.

While you are trying to figure out what to choose, Heimdal insists that the two branches complement each other and that you should run them both for maximum protection. Which one is better, after all? Let’s see…

Heimdal Thor Free – a free antivirus for home use

Almost any security product on the market comes with a free, basic package and Heimdal is no different. Their Thor Free offer is an antivirus with an edge because it doesn’t just scan the system for threats. It also scans the system apps for security vulnerabilities and allows users to update them directly from the antivirus interface.

According to the United States Computer Emergency Readiness Team, keeping apps updated blocks up to 85% of the web attacks. To support this direction, the antivirus has automated the app update process, which happens in the background. Among its main characteristics, we have found that:

  • Compatible with computers using Windows 7/8/8.1/10 (32 and 64 bit);
  • Runs smoothly in the background, scanning the computer and checking for available updates every two hours;
  • Allows the installation of new apps safely, with just one click, without requiring the download and run of an installer;
  • Shows reports of the automatic updates within the Activity Reports tab.

Image of Heimdal Antivirus Software Menu, Overview Section

Now, as interesting as the app automation may sound, it doesn’t apply to all the apps you can think of. Heimdal is currently offering a selection of a little over 20 apps that it can automatically update. And this selection is subject to change at any given time. The Adobe apps, Chrome and Firefox, Google Drive, Skype, VLC and Java are just a few of them.

Heimdal Thor Premium Home – the all-in-one protection solution

As mentioned at the beginning of our Heimdal antivirus review, the Thor Premium Home package is their most complex product. It offers both proactive and reactive protection against all kinds of threats. And it sits at the very opposite corner of what the humble Heimdal Thor Free has to offer.

This is actually a security suite. It offers both a next-gen antivirus and the extra threat prevention that basic antivirus software doesn’t include.

Image of Heimdal Antivirus Software packages

On one hand, the antivirus, the above-listed Thor Vigilance Home, relies on machine learning. Through its market-leading detection mechanisms, it should block advanced ransomware and malware attacks, but also many other online scams.

  • Comes with firewall integration, local signature scanning, and file-based scanning;
  • Works with both heuristic scanning and behavior-based scanning;
  • Also offers real-time cloud scanning together with sandbox and backdoor inspection.

On the other hand, the layer of extra threat prevention provided by Thor Foresight Home should block viruses and malware before they infect the system. Financial and data-stealing malware is also on its blacklist. But its main role remains that of automatically patching the security holes that it detects. To sum up:

  • This module offers multi-layered, artificial-intelligence-powered protection;
  • It secures your internet browsing, your online banking, and payment transactions;
  • It blocks data leakage while ensuring phishing protection;
  • And it makes sure that your apps get automatic updates, while allowing software installation, conveniently and securely.

The app updates, still a central part of the security suite

Just like in the free antivirus version, in this security suite, the app updates run after an automatic scan that the antivirus performs. The first scan will take place right after you finish the installation:

  • It may detect that no app requires an update;
    • In this case, you will see the Scan button in green and a message “Your computer is healthy”
  • It may detect that one or more apps need to be updated;
    • In this case, the green will turn orange and you’ll see the message “Your computer must be updated”.

For the second situation, users must head to the X-Ploit Resilience area. In there, a list of apps with different symbols next to them will be available. Those symbols reflect the status of each app, which can be any of the following: Up to date, Out of date, Newer version detected, Not monitored, Manually retry, Downloading, Error downloading, Installing, Error installing, Contact support.

The actual protection layers you can rely on

To quickly review what the Heimdal security suite can do for you, we should mention the following protection layers:

  • The first security layer is a traditional signature code scanning process.
    • It applies to all local files.
    • And it is meant to detect and stop whatever viruses, data leakage, exploits, ransomware or other advanced online threats it can find.
  • In the event that it detects potentially dangerous files unknown to the antivirus, it throws into play the real-time cloud scanning.
    • It simply isolates the file and sends it to their dedicated, secure cloud system.
    • In there, the unknown file is subjected to real-time scanning.
  • The advanced machine learning techniques also come into play, as an extra layer of security.
    • Suspicious files are sent to a dedicated sandboxing system, where their behavior is analyzed to determine if it acts as malware.
    • And it runs a backdoor inspection, looking to see if those suspicious files tried to access servers through a backdoor method.
  • Heuristic and behavior-based analysis is running all the time.
    • The Heimdal Premium package will look for code changes at all levels, scanning for suspicious behavior, in the background, silently, 24/7.
  • And through it all, the Windows Firewall is kept active on the PC all the time.
    • The Thor Vigilance Home will automatically activate the Windows Firewall if it discovers that it was turned off.

More on its real-time protection in three layers

Real-time protection, just like the name suggests, is focused on blocking imminent threats, before they attack your operating system. This part is handled by Thor Foresight, the proactive cybersecurity solution that Heimdal takes great pride in.

From the inside, this proactive solution provides an automatic patch management system. It basically looks for security holes and tries to fix them with automatic software updates. And from the outside, it filters cyber threats by constantly monitoring your internet traffic.

The three pillars of protection that you will get from Thor Foresight are the DarkLayer GUARD™, the VectorN Detection™, and the X-Ploit RESILIENCE. Coming up next, we shall quickly review each of them.

Image of Heimdal Antivirus Software Qualities

1. The DarkLayer GUARD™

The DarkLayer GUARD is a traffic filtering engine that guards network communication at three levels: DNS, HTTP, and HTTPS. It should fight data leakages, next-gen attacks, ransomware attacks, and Zero Hour attacks. To do all that, it:

  • Allows you to customize white lists and black lists;
  • Provides Host-Based Intrusion Prevention and Threat To Process Correlation techniques;
  • Constantly works to protect the device against both known and unknown malware.

2. The VectorN Detection™

The VectorN Detection is a scanner that relies on machine learning detection. It works together with the DarkLayer Guard, monitoring the records provided by the latter. And it tries to identify patterns within the number of blocks. It also identifies attacks with the help of IOA/IOCs (Indicators of Attack/Compromise). Through the same self-learning mechanism, it tracks the device-to-infrastructure level of communication. Consequently, it should spot second-generation malware effectively.

To better understand how it works, let’s take one example of a pattern that VectorN Detection can spot:

  • The DarkLayer Guard keeps blocking a particular domain, many times, in a very short timeframe…
  • Such a pattern normally indicates that an automatic request is being sent from the machine to a dangerous domain already blocked by Thor;
  • In this case, VectorN Detection will display a popup within the system’s notification bar;
    • This popup doesn’t just inform the user about its activity;
    • It also suggests a potential infection and the necessity of running a scan with the Vigilance antivirus.
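The pattern described above, repeated blocks of one domain from one machine within a short timeframe, can be sketched as a sliding-window check over block records. This is an added example, not Heimdal's code: the log format, the host names, the threshold of 5 blocks and the 60-second window are all assumptions chosen for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample of traffic-filter block records (hypothetical format):
# "<ISO timestamp> BLOCK <host> <domain>"
SAMPLE_LOG = """\
2024-05-01T10:00:00 BLOCK pc-01 bad.example
2024-05-01T10:00:10 BLOCK pc-01 bad.example
2024-05-01T10:00:20 BLOCK pc-01 bad.example
2024-05-01T10:00:30 BLOCK pc-01 BAD.EXAMPLE.
2024-05-01T10:00:40 BLOCK pc-01 bad.example
2024-05-01T10:00:00 BLOCK pc-02 ads.example
2024-05-01T10:05:00 BLOCK pc-02 ads.example
2024-05-01T10:10:00 BLOCK pc-02 ads.example
2024-05-01T10:15:00 BLOCK pc-02 ads.example
2024-05-01T10:20:00 BLOCK pc-02 ads.example
2024-05-01T10:00:15 BLOCK pc-01 other.example
this line is malformed and must be skipped
"""


def parse_blocks(text):
    """Yield (timestamp, host, domain) tuples; skip blank or malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[1] != "BLOCK":
            continue
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue
        # Normalise case and a trailing dot so variants count as one domain.
        yield ts, parts[2], parts[3].lower().rstrip(".")


def repeated_blocks(events, threshold=5, window=timedelta(seconds=60)):
    """Return {(host, domain): time the threshold was first reached}."""
    recent = defaultdict(deque)  # per (host, domain): timestamps inside window
    alerts = {}
    for ts, host, domain in sorted(events):
        key = (host, domain)
        stamps = recent[key]
        stamps.append(ts)
        while ts - stamps[0] > window:  # drop blocks older than the window
            stamps.popleft()
        if len(stamps) >= threshold and key not in alerts:
            alerts[key] = ts
    return alerts


if __name__ == "__main__":
    for (host, domain), when in repeated_blocks(parse_blocks(SAMPLE_LOG)).items():
        print(f"{when.isoformat()} {host}: repeated blocked requests to "
              f"{domain}; run an antivirus scan on this machine")
```

In the sample, pc-02 has the same number of blocks as pc-01 but spread over twenty minutes, so only pc-01 is flagged; it is the rate, not the count, that suggests an automated request.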


3. The X-Ploit RESILIENCE

The X-Ploit RESILIENCE is a management tool for all things related to compliance, vulnerability, and software. It is where users can stay up to date with the security suite’s activity. And where all the automatic updates are conducted. It is, if you want, the center of the patch management system.

We have already mentioned, earlier in our Heimdal antivirus review, that the security suite will monitor and update a specific number of apps. Those apps are listed in this section, as part of a table with five columns, where you will see:

  • The name of the software;
  • The version currently installed on the device;
  • The status of installation;
  • Any potential monitoring process in place for that particular app;
  • The option to activate/deactivate the auto update for that particular app.

Image of X Ploit Resilience

Apps can be easily deselected from the auto update column. By doing so, the user will actually instruct Thor to stop automatically searching for patches for that particular app.

Aside from updating currently installed apps, X-Ploit Resilience can also install new apps. Once installed, the same app will get to the list of apps that are monitored and updated automatically.

To keep track of all these changes, you have the View History tab. In there, one can see what apps were installed and what apps were updated by Thor. Speaking of automatic updates, the module doesn’t have to scan for available updates all the time. Instead, the Quick Settings menu offers the possibility to schedule the server scans at specific time intervals.

As an interesting observation, Heimdal makes it clear that Thor Foresight complements antivirus software. And while it recommends pairing it with their own antivirus, it leaves room for compatibilities. Avast and AVG or Avira, Bitdefender and Kaspersky, McAfee, Symantec and Webroot are only a few of the compatible antivirus options.

A few words on the user interface

The complete security suite from Heimdal was designed around two sections on the main dashboard. One of them is dedicated to Thor Foresight, and the other to Thor Vigilance.

Within the proactive side of the dashboard, the one dedicated to Foresight, users can see:

  • General stats regarding the number of attacks prevented by the DarkLayer Guard;
  • The targeted processes that have been analyzed up to that point;
  • The number of software updates handled by X-Ploit Resilience;
  • The probability of infection, again, by the stats gathered with X-Ploit Resilience.

Within the reactive side of the dashboard, the one dedicated to Vigilance, users can see:

  • Details concerning the real-time protection;
  • Information regarding the time of the last scan;
  • The number of infections discovered up to that point;
  • The number of quarantined files.

Aside from the two main panels, there is this toggle menu, on the left side of the dashboard. From there, submenus to the functions that we just mentioned are only a few clicks away. Notably, there are also shortcuts to the important pages within the Heimdal Security website.

As a nice design detail, there’s a three-thunders icon available on the menu. One tap on it will swap between the two main available themes: Light Theme (colored) and Dark Theme.

From all the features we got the chance to review by now, there are two, in particular, that you will probably want to check. The Scan section is where you can put the antivirus at work, taking advantage of all those scanning options. The DarkLayer Guard is where you can see the blocked addresses and make manual changes. Let’s see what you will discover inside these two menus…

Know your scanning options

The antivirus offers a wide selection of scan types. These ones can be initiated manually, by the user, whenever there is a suspicion regarding the system. The main options are:

  • Quick scan
  • Active processes scan
  • Full scan
  • Hard drive scan
  • Local drive scan
  • Removable drive scan
  • System scan

Once a particular type of scan is selected, the Heimdal antivirus will display a scan-in-progress notification icon. You will see it at the top right corner of the dashboard. And as you can imagine, no other scan can be initiated until the one in progress ends.

Heimdal scan types

Within the Home menu of the antivirus, there is a special section labeled On Demand Scan. In there, users can either perform a scan at any given time, by choosing one of the options listed above, or schedule a custom scan for later. There is even the possibility to choose the hour when you would like to have this scan running.

Know your blocked addresses

The DarkLayer Guard menu offers an overview of the blocked websites. Basically, it is a list with all the potentially dangerous websites or clearly infected websites that the tool has blocked.

This section offers:

  • Details regarding the exact web address;
  • The date when the address was added to the blacklist;
  • The Unlock button, displayed next to each domain name, which can be used to whitelist a particular address.

One can use the dedicated text box to type the address or to simply copy it. Then, with a click on the option labeled as “Add to Whitelist”, it will remove that address from the Blacklist. The opposite is even simpler.

Image of Thor Vigilance Home, scheduled scans section

It suffices to hit the Block button for an address that has been recently whitelisted and it will return to the Blacklist. As you might imagine, Heimdal will not encourage the manual whitelisting of an address that the antivirus has previously blocked.

Know your notification options

Some users want to tweak every single option from the ones we introduced you to. Others, on the contrary, are willing to let the antivirus do its job automatically. They would customize its settings as little as possible. But regardless of the approach, all antivirus users want to stay up to date with what it does.

For this purpose, check the Notifications menu from its Settings. From there, decide what kind of notifications you want to receive:

  • Balloon notifications – for whenever it detects threats or it updates some of your apps (with the option to choose different notification intervals);
  • Scan status – when the antivirus starts or finishes a scan;
  • Malware infections – when the antivirus detects and blocks a potential malware threat;
  • Malicious traffic blocked – when your device is trying to connect to a web location that the antivirus considers to be a threat;
  • Thor Vigilance – when the antivirus has found a suspicious or clearly infected file on the device;
  • Software updates – when it detects new software available and/or it installs it;
  • Security news alerts – when a new article is posted on the Heimdal Security blog.

When looking to activate one of these notification options, you should see two help buttons: a blue info button and a green eye button.

  • If you press the blue one you will get details on the notification’s purpose, a description of what it shows.
  • If you press the green one, you will see how the notification looks, so you will know what to expect when it will pop up.

Image of Thor Premium Home, settings section

And if you want to learn more…

One particular menu within the Heimdal antivirus app is their educational center. We’ve mentioned in the beginning of our review that Heimdal won the award for the Most Educational Security Blog in 2016. And they still continue to allocate resources for educating their users.

With just one click, you can get to their blog and read lots of informative materials and news from the cybersecurity world. Imagine that they even have courses that can introduce you to this field… One look at their Cyber Security for Beginners course might prove interesting and useful, if you want to learn more. Or, perhaps, the Windows 10 Security Guide will appeal more to you.

But if you were having difficulties even with simply understanding some of the most technical terms in our Heimdal antivirus review… Start with their Cybersecurity Glossary. It will also help you better understand the features of their premium suite.

Bottom line

Obviously, the Heimdal antivirus packs loads of useful security features. The fact that their proactive security service is compatible with third-party antivirus software is a major plus. Though, it only makes sense that if you’re willing to test it, it is best to use the full package from the same developer. Thor Premium Home really looks like it offers great value for the money.

We are yet to see some independent tests on its malware detection efficiency. And it appears that it tends to blacklist certain websites a bit too fast – which is why it’s a good thing that you can manually whitelist websites. But other than that, user experience is generally positive.

So, it may not be the most effective security solution out there (which one is, after all?)… But judging from everything we have seen so far, it sure deserves to stay on your short list.