Antivirus

Tech Optimizer
May 7, 2026
Traditional endpoint security measures, such as antivirus software and firewalls, are increasingly ineffective against sophisticated cyberattacks, which can bypass these defenses. Endpoint Detection and Response (EDR) is a solution that emphasizes rapid detection and containment of threats, continuously monitoring endpoint activity and identifying suspicious behavior in real time. EDR platforms gather data from all connected endpoints and utilize AI-driven analytics to detect both known and unknown threats. In 2024, over 97 billion exploitation attempts were recorded, underscoring the need for robust endpoint protection. EDR tools operate in four stages: detection, containment, investigation, and elimination of threats. They collect telemetry data from endpoints to establish a baseline of normal activity, enabling the identification of anomalies that may indicate a threat. EDR can automatically isolate affected endpoints, terminate malicious processes, and execute remediation actions. EDR employs two methods for threat detection: comparing endpoint activity against indicators of compromise for known threats and using behavioral detection models for unknown threats. The system can generate reports on threat activity and response effectiveness, aiding compliance and operational decision-making. The telemetry data collected is stored in a centralized repository, supporting threat-hunting initiatives. Organizations that deployed EDR in 2024 experienced an average breach cost that was significantly lower than those that did not. EDR minimizes security blind spots, reduces the attack surface by identifying vulnerabilities, speeds up investigations and responses, blocks new threats through behavioral analysis, and strengthens other security measures when integrated with existing tools. Challenges in EDR implementation include alert fatigue, integration complexity, resource constraints, and limited scope. 
When choosing an EDR solution, organizations should prioritize features such as real-time threat detection, automated response capabilities, behavioral analysis, offline protection, low performance impact, and integration with existing tools. EDR functions effectively as part of a layered security strategy, complementing other tools like Endpoint Protection Platforms (EPP) and Extended Detection and Response (XDR). EDR focuses on endpoint activity, while EPP serves as a first line of defense against common threats, and XDR broadens the scope to include network traffic and cloud workloads. VPNs encrypt network traffic, providing an additional layer of protection for data in transit.
Winsage
May 6, 2026
On April 30, 2026, Microsoft Defender misclassified two legitimate DigiCert root certificates as a severe threat, specifically Trojan:Win32/Cerdigent.A!dha, leading to their quarantine and disrupting SSL/TLS validation across affected endpoints. This misclassification was a result of new malware detections introduced by Microsoft in response to concerns over compromised certificates from a DigiCert breach. The false-positive alerts were triggered by the registry entries of the two trusted root certificates, which are crucial for validating SSL/TLS sessions. Microsoft later acknowledged the error and adjusted the alert logic. There was no actual compromise of the DigiCert certificates, as administrators confirmed that the certificate hashes matched the official values. The misclassification stemmed from a failure to properly constrain the detection to only revoked end-entity signing certificates related to a separate incident. This incident follows a pattern of Microsoft Defender misidentifying legitimate software as malicious, as seen in a 2022 incident where Microsoft Office was flagged as a virus. Organizations with restrictive update policies may continue to face SSL/TLS validation failures until they deploy the corrective Security Intelligence version or manually restore the DigiCert roots.
Tech Optimizer
May 6, 2026
The cost of AVG Internet Security includes a single-device plan starting at a specified amount for the first year, which then increases to a higher annual fee, and a multi-device plan for up to ten devices that starts at a different amount for the first year and rises to a specified annual fee thereafter. The multi-device option allows sharing among family members. AVG Internet Security adds five features to its free antivirus: password protection, webcam safeguards, monitoring for unauthorized file access, defense against malicious website redirects, and protection against remote desktop protocol attacks. It does not include a VPN, which requires an upgrade or separate purchase. The installation process is straightforward, with a user-friendly dashboard. Users can initiate scans easily and choose from various scan types. AVG excels in real-time protection, scanning files upon access and monitoring applications for unusual behavior, including ransomware protection. As of 2025, users must set their own scheduled scans. AVG offers a secure browser during installation and a data shredder feature, though its effectiveness may vary. Customer support includes online chat, phone assistance, and comprehensive support pages. AVG Internet Security has received high marks for performance, detecting 100% of threats in controlled tests while minimally impacting system resources during regular use.
Tech Optimizer
May 5, 2026
Intego has released Intego ONE, a rebranded antivirus solution for Mac users that combines antivirus capabilities with a firewall. The product has received a 97.1% malware detection score in independent lab tests, although it lacks phishing protection, a feature offered by competitors like Norton and Bitdefender. Intego ONE has a tiered pricing structure, with the Essential tier costing .99 annually and providing antivirus and firewall protection, while the Advanced tier, which includes the SmartClean system cleanup tool, costs .99. The top-tier Complete subscription, which includes a VPN, is priced at .99 annually. Intego offers a 7-day free trial for potential customers. The software installation is straightforward, requiring Full Disk Access for optimal functionality. Intego's firewall is integrated into the main application for easier user interaction. The SmartClean feature aims to optimize system performance but may not justify its additional cost for all users. The VPN included in the Complete tier is user-friendly but may be priced higher than standalone options.
Tech Optimizer
May 5, 2026
Bitdefender Mobile Security is currently regarded as the best mobile antivirus software, achieving a 100% detection rate for malware on Android devices according to AV-TEST's August 2025 report. The 2026 version introduces App Anomaly Detection and includes features like Scam Alert and anti-theft tools. Sophos Intercept X for Mobile offers a free version with a perfect score in AV-TEST's comparisons and features such as multi-factor authentication and a Privacy Advisor. Surfshark Antivirus, part of the Surfshark One package, scored six out of six in AV-TEST's evaluations and includes various security tools, but is only available for Android, macOS, and Windows. Avast Mobile Security is a popular free option with robust features and achieved perfect scores in protection and usability in AV-TEST's September-October 2025 report. AVG Antivirus, operating on the same engine as Avast, also detected 100% of malware in AV-TEST's March-April 2025 evaluations and includes anti-theft tools.
Tech Optimizer
May 4, 2026
Neil J. Rubenking's article argues against relying solely on Microsoft Defender for antivirus protection, claiming it is inadequate for users managing multiple devices. However, the author contends that Windows Defender provides essential protection with minimal fuss and operates effectively in the background. The article suggests that third-party antivirus solutions are necessary for cross-device management, but the author believes that many devices are inherently secure and that users prefer a straightforward approach to security. The article also states that Defender's phishing protection is limited to Microsoft Edge, while the author points out that most modern browsers have similar protections. Additionally, the critique of Defender for lacking extra features found in third-party applications is countered by the author, who argues that many of those features are unnecessary or redundant. The article mentions the rise of AI-driven scams and suggests that third-party antivirus companies have adapted with specialized tools, but the author believes existing email provider filters are often sufficient. Lastly, while the article critiques Defender's user interface for being less visually appealing, the author emphasizes the importance of functionality over aesthetics. Overall, the author advocates for a streamlined approach to cybersecurity that leverages built-in protections and sound practices.
Tech Optimizer
May 4, 2026
Microsoft Defender mistakenly flagged legitimate DigiCert root certificates as Trojan:Win32/Cerdigent.A!dha, leading to their removal from Windows systems globally. This issue arose after a Defender signature update on April 30th, with affected certificates including 0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43 and DDFB16CD4931C973A2037D3FC83A4D7D775D05E4. The certificates were removed from the AuthRoot store under the Registry key HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates. Microsoft has addressed the issue in Security Intelligence update version 1.449.430.0, which also restored the removed certificates. The false positives were linked to detections related to a recent DigiCert breach, where threat actors obtained valid code-signing certificates used for signing malware. DigiCert revoked 60 code-signing certificates, including those linked to the "Zhong Stealer" malware campaign. The malware utilized certificates issued to companies like Lenovo and Kingston, but the certificates flagged by Microsoft Defender are root certificates and do not correspond to the revoked code-signing certificates.
Tech Optimizer
May 3, 2026
Securing all devices with antivirus protection is essential, and while free options can provide adequate defense, Microsoft claims that Microsoft Defender Antivirus is sufficient as the sole line of defense for Windows. Microsoft Defender has evolved since its inception in 1993, but historically it struggled against independent antivirus solutions. Microsoft argues that its telemetry is a better measure of effectiveness than lab scores, highlighting Defender's capabilities against running files, unsafe links, and unauthorized changes. However, it acknowledges that users with multiple devices may need third-party solutions, as Defender does not support non-Windows devices. Defender's phishing protection is limited to the Edge browser, and it lacks many features standard in other free antivirus solutions, such as dark web monitoring and VPN protection. Additionally, it does not utilize Windows Copilot for scam detection, leaving users vulnerable. Its user interface is also considered less intuitive compared to competitors. While Defender offers basic protection, it is not comprehensive enough for most users, who may benefit from exploring third-party antivirus options for enhanced security.
Winsage
May 3, 2026
Microsoft Windows 11 Pro is available for .97, significantly reduced from its regular price of 9. This offer is valid only until midnight tonight. Windows 11 Pro includes features such as Snap layouts, seamless redocking, enhanced search functionality, and improved voice typing. It also offers tools like Azure AD, Hyper-V, Windows Sandbox, and BitLocker device encryption for security and productivity. For gaming, it features DirectX 12 Ultimate graphics and integrates Microsoft's AI-powered assistant, Copilot. Security enhancements include biometric logins, encrypted authentication, and robust antivirus protection.