We are funded by our readers and may receive a commission when you buy using links on our site.

Heimdal Threat Prevention Home Review 2024

Sam Cook Data Journalist, Privacy Advocate and Cord-cutting Expert

Heimdal Security company logo Despite a crowded market for security software, Heimdal still manages to make a compelling case for why you need its PRO security software. Operating somewhat in a class of its own, Heimdal Threat Prevention Home is not an antivirus program, fitting more uniquely into a very small security improvement and network monitoring niche. While the base price is a bit high for individual buyers, the software becomes more affordable with the discount detailed in this review, making it a good purchase for just about anyone.

DEAL ALERT: Save a huge 60% on Heimdal Threat Prevention Home

With Heimdal Threat Prevention Home you can do all of the following:

  • Automatically update vulnerable applications
  • Automatically scan your network for incoming and outgoing threats
  • Scan your network traffic for suspicious activity related to malware, such as zero-day threats and financial fraud

However, the application is distinctly limited. You cannot remove malware from your computer with Heimdal, nor can you scan your computer for viruses in a traditional sense. Instead, Heimdal fills the more limited, yet still functional role of actively protecting your network endpoints from suspicious activity. The software also ensures some of your most vulnerable software applications are up-to-date with the latest security patches.

To that effect, Heimdal plays well with traditional antivirus options, improving areas where antivirus programs are often weak, while proactively covering security holes typically ignored by most antivirus software makers. From a larger perspective, Heimdal is designed to help secure your software applications before they become a problem while monitoring your network to help ward off intrusions from hard-to-detect “second generation” malware.

With the option for a 30-day free trial and a no-nonsense sign-up process, it’s hard to a find a reason not to at least give Heimdal a test drive. You may find the actual price a bit hard to stomach if you’re already paying for antivirus software, some of which may have features similar to what Heimdal offers. However, Heimdal pairs well with both free and paid antivirus solutions in circumstances where there are still security holes in your network.

Heimdal signup process

At Comparitech, we prefer to do a top-down approach to reviewing antivirus software. This method starts with arguably the most important part: the payment and sign-up process. In the past, we’ve found some antivirus applications that purposefully muddle this important step. A confusing signup process often leads to consumers paying for unnecessary and unwanted add-ons, as well as users unintentionally signing up for automatic renewals.

Positively, Heimdal not only simplifies the signup process but does not offer any product add-ons. Everything you can do with the software is all-inclusive for the price you pay at checkout for the software. Additionally, you can choose whether you want automatic renewal prior to checkout. Heimdal does not hide or obscure this option.


If you’re signing up to Heimdal Threat Prevention Home for your business, you can enter company details (billing address and VAT number) so that Heimdal will create an invoice for you. Additionally, if you received a voucher for the program, you can enter that information prior to proceeding to checkout.

Overall, the signup process for Heimdal Threat Prevention Home is one of the clearest we’ve seen. With unambiguous pricing, no add-ons, and an obvious location to select or deselect automatic renewal, Heimdal shows from the signup process that the service is intended to provide quality protection without playing games with your wallet. Heimdal Threat Prevention Home pro pricing

Reader deal: Save on the standard pricing here


Heimdal Threat Prevention Home is built specifically for Windows computers and devices. This software is available only for Windows PCs running Windows 7 through 10, as well as the Microsoft .NET Framework version 4.6.1. The software is also available for macOS and Android, but iOS users will have to wait a little longer.

The system requirements would tend to indicate that Heimdal Threat Prevention Home is more designed as a business application for small-to-midsized businesses over more personal consumer use. Still, individuals who find value in the software should have no problem using it as well.

Given Heimdal Threat Prevention Home is not a traditional antivirus program, it also requires far fewer resources. Upon install, Heimdal needs a minuscule 25 MB of hard drive space. The software also requires local administrator rights and internet access to function. The internet access requirement is specifically becauseHeimdal Threat Prevention Home’s two features, network monitoring, and software patching, serve no function without an internet connection.

Installation and Setup

In keeping with its focus on speed and simplicity, Heimdal Threat Prevention Home’s installation and setup process is extremely fast. After download, you’ll need to choose an installation location. Then, Heimdal Threat Prevention Home will take you through just two quick setup steps.

Software Updates

One of Heimdal Threat Prevention Home’s key features is silent, automatic updates for your PC’s applications. Heimdal Threat Prevention Home gives you the option to choose which apps you want to monitor and auto-update. You can set Heimdal Threat Prevention Home to  “Autopilot” or “Custom” mode. Autopilot automatically selects your downloaded applications and updates them for you. Custom will still automatically update some of your applications to the newest versions but allows you to choose which apps receive these updates.

Security Notifications

Heimdal Security detection

The second key feature Heimdal Threat Prevention Home offers is network monitoring. The service will monitor your internet traffic for malicious activity. During the setup process, Heimdal Threat Prevention Home allows you to decide which types of notifications you want to receive. If you want more information on what these notifications actually do, you can click the small blue “i” for more details. You can also receive a preview of what each notification might look like by clicking on the green eye symbol next to each type of status update.

Note that turning off “Balloon notification” will disable your ability to toggle the other notifications. Heimdal Threat Prevention Home does not appear to give any indication in the initial setup process as to why this is the case. However, if you want to toggle any of the additional status notifications, you’ll need to leave this option turned on.

Once you’re finished toggling notification statuses and choosing which apps to automatically update, the setup is complete. Heimdal Threat Prevention Home is easy enough to set up and use that it’s quite possible to close the window and let the program operate silently in the background at this point.


Heimdal PRO interface

Users will find a surprisingly simple interface on Heimdal Threat Prevention Home. This is primarily because, as stated, Heimdal Threat Prevention Home is not an antivirus software program. While it does have a monitoring feature that checks your network for malicious activity common among malware, it cannot remove malware from your system. Heimdal Threat Prevention Home has a limited yet focused set of features, resulting in an overall unencumbered interface.

Upon opening the software, Heimdal Threat Prevention Home presents users with an “Overview” screen that displays system health reports. If everything is great, you’ll see green across the window. If anything is off or wrong, you’ll see yellow or red, depending on the severity of the report.

Users can shift between three additional screens for “Traffic Scanning,” “Malware Engine,” and “Patching System.” Much of what you’ll find in these additional screens are settings you can turn on or off during the initial setup process.

More detailed activity reports are also available by clicking on “Activity Reports” at the top of the Window, while additional settings options are available using the gear symbol on the top right.

Nothing about the Heimdal Threat Prevention Home interface is confusing, nor are the options difficult to locate. Given Heimdal Threat Prevention Home is primarily designed to run in the background, there is overall very little users can do with the interface beyond receive and view reports, change settings, and manually install software or software updates when applicable.

Heimdal Threat Prevention Home Security Features

There are two key features that come with Heimdal Threat Prevention Home: automatic software application updates and network monitoring.

Automatic Software Updates

Heimdal Software updates

Few antivirus programs automatically update your installed applications. However, this often-overlooked security threat does require attention. Spiceworks wrote about the dangers of using end-of-life (EOL) software, highlighting specifically the danger of security vulnerabilities. As Spiceworks writes, “A firewall and [antivirus] are not sufficient protection against unpatchable vulnerabilities, which hackers are quick to exploit.”

While Heimdal Threat Prevention Home does not provide updates to EOL software (or software that is no longer supported by its maker), it will actively check for security patches to currently installed apps. This includes Adobe Acrobat, which according to data from CVE Details has the among the largest number of distinct security vulnerabilities. Given the ubiquity of Acrobat in business (the world still runs on PDFs, after all), updating the software is an essential security measure.

Heimdal Threat Prevention Home will display 10 different potential statuses for your software, including:

  • Up to date
  • Out of date
  • Newer version detected
  • Downloading
  • Error downloading
  • Installing
  • Error installing
  • Manually retry
  • Contact support
  • Not monitored

Each of these statuses has a clearly marked symbol on the left-hand side of the Patching System screen to avoid any confusion.

Heimdal PRO update statuses

There are several questions related to the automatic patching feature, including:

  • How does the patch system work?
  • How often do software patches occur?
  • Which software applications does it work with?
  • Are the patches intrusive?

Heimdal Threat Prevention Home software patching explained

Software patching with Heimdal Threat Prevention Home is actually fairly simple. Using its library of supported software, you can select which software you want Heimdal Threat Prevention Home to monitor. It will dig into the versioning for your installed applications, looking for version and patch numbers. Heimdal Threat Prevention Home will then cross-referencing that information with what’s currently available online

If Heimdal Threat Prevention Home finds that there’s a new patch out for your software or a newer version, it will automatically download and install that patch in the background.

When a patch is available, Heimdal Threat Prevention Home will let you know via a notification on the bottom-right of your screen. It will also let you know through the interface on the “Patching System” screen. Where relevant, it will provide a symbol indicating what type of issue exists with the current software (such as “Out of Date” with a red exclamation point, or “New Version” with a yellow exclamation point).

Should something go wrong with the patching process, there are symbols to indicate that as well. Once downloading starts, Heimdal Threat Prevention Home will show an ellipsis symbol (“…”) next to the requisite app name.

Patch frequency and application compatibility

By going to the settings screen (green gear symbol on the top right), you can adjust how frequently Heimdal Threat Prevention Home scans your apps and checks for new software. The preset time is every 120 minutes. Unfortunately, you cannot decrease this frequency below once every two hours. The maximum time between scans allowed is once every 1440 minutes (24 hours), which is a common scanning frequency for security software.

To put the patching to the test, I downloaded several older versions of different applications. Using the website OldVersion.com, I installed outdated versions of some popularly used programs: Mozilla Firefox, Acrobat Reader, DirectX, and Opera.

Heimdal Security updates

After downloading and installing the older software versions, I launched the Heimdal Threat Prevention Home application and checked the patching system settings. The older version of Firefox registered with Heimdal Threat Prevention Home and under “status”, indicated a red exclamation point. The other three software applications did not register, leading me to wonder how effective this feature could be if it did not register all of my installed software.

I later discovered that it did take note of my out-of-date Acrobat Reader, but it never registered a complaint in the interface. Instead, it silently updated both Firefox and Acrobat to their newest versions.

Additionally, although I did not download it as a test, the software also updated my Chrome browser a few days later after the initial software patching test.

Heimdal Security update notification

Under the “Recommended Software” section of the Software Patches screen, Heimdal Threat Prevention Home does include a long list of 70 applications that you can install directly from the Heimdal Threat Prevention Home interface. These are also the applications that Heimdal Threat Prevention Home will monitor for patches and version updates. The program also offers a note that it updates 99% of “security critical apps,” which one can assume is the list of apps provided by Heimdal.

Are software patches intrusive?

After testing Heimdal Threat Prevention Home for several days, I never once encountered any intrusive behavior from the software patching. True to its word, Heimdal Threat Prevention Home runs this process silently in the background. Beyond notifications (which you can turn off), it’s easy to “set it and forget it,” so to speak.

Even after Heimdal Threat Prevention Home updated my Chrome browser, it did not interrupt my workflow. The patch happened in the background and did not require me to close my browser. This may is not the case when Heimdal Threat Prevention Home needs to install a new version of an application instead of just a security patch, however.

Through testing, I found the software patching extremely functional, with the biggest limitation being the extremely small number of apps Heimdal Threat Prevention Home actually monitors. That limitation is potentially a big problem if you’re counting on using Heimdal Threat Prevention Home to cover some security-critical programs that don’t offer push notifications for software updates.

Traffic Scanning and Malware Engine

The other key area Heimdal Threat Prevention Home covers is network monitoring. This is accomplished through the application’s traffic scanning features. Heimdal Threat Prevention Home is designed to be an “endpoint device” monitor, meaning it scans both incoming and outgoing traffic flowing through an internet-connected computer or other devices. That also means it check for suspicious activity across your entire home or business wireless network. It will only scan for suspicious activity occur on each machine where it’s installed.

Traffic Scanning

Traffic scanning Heimdal PRO

As with software patching, traffic scanning in Heimdal Threat Prevention Home is mostly a passive activity. As long as you have the settings turned “on”, the software will automatically monitor all network activity to and from your computer using its networking monitoring filters. Any suspicious activity is flagged or blocked, depending on the severity of the activity.

It is possible that Heimdal Traffic Scanning could impact network bandwidth, but my tests were inconclusive on his front. With an initial test, I did encounter some minor impact on latency and download speeds over multiple tests. After turning on the traffic scanner, latency spiked, although it did return to normal shortly after. Download speeds were marginally affected. A 100 MB test file took about 45 seconds to download without the filter, about 55 seconds with the filter turned on. Speed tests using The Internet Health Test revealed a small but noticeable download speed drop of about 7 Mbps with the filter turned on.

However, later file download tests and Internet Health Test reports showed little difference. All told, if Heimdal is impacting bandwidth, it’s likely too small an impact to register or matter.

Potential network speed impacts aside, traffic scanning does offer some noticeable benefits. Through traffic scanning, all of the following activities are accomplished:

  • Dangerous websites are blocked
  • Malicious content is blocked
  • Zero-Day exploits hidden on websites are blocked
  • Traffic redirects are detected and blocked
  • Data leakage is detected and the user is notified

Traffic scanning also includes Heimdal’s proprietary DarkLayer Guard. DarkLayer Guard is Heimdal’s key software behind the network filtering. It also draws upon a database of websites that are to host malware or have hosted malware in the past. The software also actively detects potential threats on websites that are not in the database. Heimdal DarkLayer Guard

Website blocking

Consequently, when looking for old versions of different software to test with the software patching feature, I ran into a website that Heimdal Threat Prevention Home blocked:

Heimdal PRO website blocking

The blocking was fast and is noticeably more aggressive than most browser-included website blocking. This aggressiveness can be detrimental at times.

Unlike other website blocking software that lets you proceed if you believe the site is safe, with Heimdal Threat Prevention Home turned on, you cannot proceed to the website at all. You will have to turn network monitoring off in if you want to proceed. You’ll also need to close and re-open your browser in order to access the blocked site.

I found that Heimdal Threat Prevention Home did indeed block sites that should not have been blocked. For example, the website snip.ly appears to be on Heimdal’s naughty list for some odd reason. So were the websites ip-api.com, and several others that are more or less innocuous. It appears these sites were blocked while loading their own content on other sites (e.g., ads). However, anyone trying to go directly to them would be completely blocked without turning off traffic scanning.

You can contact Heimdal Threat Prevention Home directly to inquire about a blocked site that you believe is safe. Until you hear back and assuming you get a positive response, you’ll need to turn off traffic monitoring in order to access that site at all.

Alternatively, you can whitelist sites on your own through your settings. Simply go to your Heimdal Threat Prevention Home settings and scroll down to “Update to Release Candidate.” This is turned off by default, so you need to turn it on. To force the update, you can go to the overview screen and click on “Scan” to download and install the update.

Once patching is completed, go to “Activity Reports” and “Websites Blocked”. You’ll see an option to whitelist any blocked sites, with a requisite malware warning from Heimdal.

Heimdal Pro whitelisting

Heimdal Threat Prevention Home does not appear to be blocking most sites, so it’s unlikely that a site you’re trying to access will be blocked unless it’s actually raised a red flag for some reason.

Traffic Scanning can cause you to lose internet access

One problem with Heimdal Threat Prevention Home, which the company has already recognized, is the fact that traffic scanning can cause an error that results in you losing your internet connection. This can happen because the traffic scanner must keep in constant contact with a cloud server. If Heimdal Threat Prevention Home is unable to contact the cloud server, traffic filtering won’t work and may cause your internet connection to cut out.

To counter this problem, Heimdal Threat Prevention Home has an option to automatically disable traffic filtering. This stops traffic filtering if the cloud server cannot be reached and prevents the internet connection error from occurring.

Malware Engine

Heimdal Malware Scanner

Heimdal Threat Prevention Home’s malware engine actively scans and blocks second-generation malware by hedging the traffic scanning technology. According to Heimdal, their VectorN Detection software is designed to detect both known and unknown malware by “analyzing communication patterns in your outgoing and incoming traffic”. As malware are often designed to send and receive data, this design is intended to specifically to catch Zero-Hour malware that may not be defined in the databases used by many real-time antivirus programs.

With most antivirus software at Comparitech, we actively test the virus detection and removal using live samples of viruses in a closed system. However, that proved to be a bit difficult with Heimdal Threat Prevention Home. Finding a live sample that would also actively send and receive data is, simply put, both difficult and not a good idea, even when using a sandboxed, closed system.

Unfortunately, we weren’t able to personally verify how well the malware scanning works. However, Heimdal came through for us and provided some very detailed information regarding what this process looks like when it does actually work.

The following screenshot from Heimdal show what you’ll see should your PRO software detect suspicious activity on your network:

Malware scan results

As you can see, Heimdal Threat Prevention Home’s Malware Scanner will indicate a threat level regarding the type of threat that was blocked. As with the traffic scanner, if an attack is detected, it will be blocked. This prevents whatever potential malware is infecting your system from sending or receiving data. You can then run a virus scan to detect malware that may be hidden on your system.

This is where Heimdal Threat Prevention Home’s key weakness comes into play. Since the software is primarily a traffic scanning tool, it has no virus removal capabilities. The lack of this function makes it difficult to justify the cost for many potential users.

Customer support

Heimdal maintains a support page that allows you to find help through several methods.

The first, and easily the least helpful is through the company’s “Announcements” page. You’ll find little here beyond a white paper or two and information regarding new versions.

Somewhat more helpful is Heimdal’s “Known Issues” page. If you’re encountering some type of error with your software, there’s a good chance others have experienced and reported it. At present, there are only eight articles listed here identifying known issues.

If you’re still struggling to find answers, the FAQ and Product Guide sections likely won’t be of much help to you. The FAQ section has several dozen FAQs listed, all categorized, but none which really address more complex technical issues. The Product Guide is more an extension of the FAQ section, offering some slightly more technical answers, but not exactly the help you’ll need.

Your best options are to utilize either a support ticket or the live chat. I decided to test both of these. First, I sent Heimdal a support ticket question at 5:15 PM EST on 11/14/2017. My test here was to determine a) how quickly I received a response and b) what kind of response I would receive. I had no intention of judging Heimdal too hard on my question. I simply inquired as to how to effectively test the Malware Scanning feature safely.

I immediately received an automated response which promised someone would get back to me within 3 hours if on a regular workday (M-F) or within 24 hours if on a weekend or holiday. I submitted my ticket on a Tuesday, so my expectation was a response within 3 hours, as promised.

The next day, I did get a response from both a live chat representative and an email support ticket representative. The responses came in around 9 hours after I sent the initial inquiries. Well past the 3-hour window promised during a weekday, but understandably beyond that time frame given I sent the inquiries at around midnight their time.

The Live Chat was by far the easiest method to use. This is often the case when services have a live chat in place. From my experience, live chat systems have been a good replacement for phone support. Heimdal’s live chat helped confirm that concept for me.

My only problem with Live Chat was how long it took to get a response. When I started up Live Chat I was already running short on time. In my first attempt, 10 minuted passed without a response. I had to pack up and leave with my question unanswered later the next day via email.

Both support staff responded to the same question in different ways, which was a bit confusing. My inquiry, specifically, was how to go about testing the malware scanner safely.

The live chat rep provided this response:

“Hi Sam. You would have to try to get infected. So no safe way, sorry.

The Malware Engine is not Heimdal Threat Prevention Home’s top feature – Traffic Scanning & Filtering is. The Malware Engine comes as a supplementary protection.”

While the email support ticket representative provided the following response:

“Hi Samuel,

Unfortunately, we do not have public testing files. You can build a virtual machine and use the trial of Heimdal and you can test all the features in a safe environment without compromising your primary machine.”

I certainly prefer the email support ticket response, but both responses were instructive. The live chat rep’s response would indicate that even if the malware scanner doesn’t work, it’s considered more a tertiary feature and not Heimdal Threat Prevention Home’s primary purpose. That would seem counter to how heavily advertised that feature is for the software, however. And given the new information I received later from email support, it would appear the Malware Scanner will be a key feature alongside traditional AV scanning and removal.

The email support rep’s response at least let me know that the company does have internal testing methods for the Malware Scanner. The implication here is that the Malware Scanner works, and I should conceivably be able to construct a method to test that feature in a safe environment with the right tools.

For the most part, I’m satisfied with Heimdal’s customer support. They may want to try to ensure more consistency between how questions are answered between the live chat and email support tickets, but the response times are good for both and I assume likely helpful for more serious inquiries.

If you’re trying to self-help with their support documents, however, it’s probably not worth your time. You’re better off skipping right to email or live chat support.

Effectiveness as a Security Solution

As a security solution, Heimdal Threat Prevention Home has some notable advantages. First, the fact that it scans all of your network traffic seamlessly is a boon. At no time did I have any interruptions to my network, nor did Heimdal Threat Prevention Home slow down my system while it was actively scanning. Even the notifications were fairly unobtrusive, although they did tend to linger on the screen longer than what I think is necessary.

The traffic scanning itself was undoubtedly Heimdal’s PRO’s most functional feature. It effectively blocked suspicious websites, even if it was a bit on the aggressive side.

The patching system also works extremely well, although I’m not particularly impressed with the fact that it can’t patch all of my downloaded programs. Still, the list of downloaded apps does include the most common security-critical applications that hackers tend to target. At the least, Heimdal Threat Prevention Home covers the basics with its software patching.

Having to go by Heimdal’s word that their malware scanner works as intended leaves me a bit uneasy. I prefer to test these things myself, but the malware scanning uses a method that proves a bit difficult to safely test for laymen. Still, their responsiveness in providing me with evidence was a great sign.

Considering how effective the other features worked, I’m fairly confident that should I encounter an issue with malware sending or receiving data, Heimdal Threat Prevention Home would notify me and deal with the situation effectively.


Overall, Heimdal Threat Prevention Home is a very attractive security solution. The toughest sell for anyone will be whether this additional layer of protection is actually needed. For individuals, that might be more difficult to prove.  While Heimdal Threat Prevention Home does have some features you can find without purchasing the software (such as website blocking), most what it can do is unavailable through even top-rated AV options. The automatic software patching is certainly a strong draw alongside the unique network scanning, especially if you’re purchasing Heimdal Threat Prevention Home for a small or midsized business.

If paired with a quality free antivirus program or a low-cost, minimally-featured paid program, Heimdal Threat Prevention Home picks up where those other options are often weakest.

DEAL ALERT: Save a huge 60% on Threat Prevention Home