First look at NordVPN's Threat Protection feature

Martin Brinkmann
Apr 30, 2022

NordVPN is a popular VPN provider. The company releases new features for its VPN clients regularly, and one of the latest features that it introduced is Threat Protection.

nordvpn threat protection

Threat Protection is a beta feature right now. The client may notify customers of the feature, but it is turned off by default. A click on the Shield icon in the Nord VPN client displays the available options.

Threat Protection blocks "ads, trackers, malicious websites and files" according to NordVPN; this is a core difference to the previously supported CyberSec feature of the NordVPN client, which blocked ads and malicious websites only using DNS filtering.

The CyberSec preference is no longer available under General in the Settings, and some customers may wonder whether it has been removed completely in favor of Threat Protection.

It appears, that NordVPN moved the feature to the Threat Protection preferences page. There, users find two options that they may enable. The full Threat Protection feature, or a Lite version; the description of the Lite version sounds similar to what CyberSec offered.

The full Threat Protection feature goes beyond the blocking of resources on the DNS level. It blocks ads and tracking on the web, but also malicious websites and files:

Block malware-ridden websites -- browse without a fear of accidentally catching malware.

Avoid malicious ads -- elevated your browsing experience and enjoy a cleaner web.

Stop web tracking -- experience a whole next level of privacy.

Protect your device from infected files -- get rid of malicious files before they do damage.

According to NordVPN's description on its website, Threat Protection protects a user's browsers even without active VPN connections. NordVPN achieves this by installing certificates in the browsers. The current version supports Chrome, Safari, Edge and Firefox. For Firefox, it is necessary to restart the browser before it can be used after the certificate has been installed.

The installation of certificates gives NordVPN a high level of control of the supported browsers and activity.

Threat Protection will scan executable files that do get downloaded automatically. These may be uploaded to the cloud for checking, but only if they have a size of 20 Megabytes or less.

Closing Words

Threat Protection is a beta feature at the time of writing. NordVPN needs to provide additional information on the inner workings of the feature, as the two setup pages in the client and the informational page on the NordVPN website lack details, for instance, whether it is using its own scanning capabilities for uploaded files or using third-party services.

The client does not explain how Threat Protection is installed, only what it does once it is enabled. Installing certificates in browsers gives NordVPN a lot of control over data in the browser, and users should at least be aware of this before they hit the turn on button in the interface.

Most NordVPN customers may want to stick with the lite mode feature, or keep everything disabled in the client and use other solutions, e.g., content blockers such as uBlock Origin and antivirus solutions, to keep their devices secure.

Now You: Would you use Threat Protection on your devices?

First look at NordVPN's Threat Protection feature
Article Name
First look at NordVPN's Threat Protection feature
First look at the security feature Threat Protection of the NordVPN VPN client.
Ghacks Technology News

Previous Post: «
Next Post: «


  1. damla said on May 20, 2022 at 1:51 pm

    Martin What is the best free vpn extension

  2. lenjin said on May 1, 2022 at 8:28 pm

    I have been using Nord vpn for several years. He’s great. Also, I used the Cyber ??sec option while it was enabled in the app. Now I have activated only the lite version in NORD VPN because I can’t use Threat Protection because it conflicts with the Eset antivirus I have on my laptop. If you have both antivirus and Nord vpn installed on your computer, you will have problems: the pages are harder to load and the computer is slow. With the lite version of Nord VPN enabled, I have no problems with the antivirus. I think Nord VPN is slowly starting to create its own antivirus as well.

  3. Tom said on May 1, 2022 at 8:09 pm

    I’ve been using it since it’s release. Two points:
    – Disabled ‘Deep File Scan’, for it hampered the browsing experience (any website took longer to load)
    – and Disable it all completely when using Internet Banking (Brazil’s Bradesco Bank): I could not log-in or, logged, access the various pages inside (the contents never load)

  4. Yanta said on May 1, 2022 at 1:08 pm

    Another privacy breaking feature being added to an already bug and telemetry filled bloated piece of software that is way to resource heavy. Pass

    1. DrKnow said on May 2, 2022 at 1:46 am


      Sources? or just being the usual paranoid user on here?

  5. MITM certificates? said on May 1, 2022 at 5:26 am

    “Installing certificates in browsers gives NordVPN a lot of control over data in the browser, and users should at least be aware of this…”

    Ok, but what about the large bunch of other certificates that comes pre-installed in the the browser?

    Is it possible to disable it?

  6. Andy Prough said on May 1, 2022 at 4:54 am

    I used a family member’s NordVPN when I needed internet access while traveling in a country that restricts most US email and cloud services. It worked really well, very fast and there were lots of servers to connect to. If I was a NordVPN customer I wouldn’t have a big concern about using their certificate for threat protection tion, since they can see all my browsing traffic already if they want. The reason I wouldn’t use it is that I already use other methods of threat protection that I know and trust highly.

    I have to laugh when I see people post that VPNs have no value. Anyone saying that obviously hasn’t seen much of the world.

    1. Frankel said on May 1, 2022 at 9:34 am

      >since they can see all my browsing traffic already if they want

      LOL no, only metadata. You really don’t understand how a VPN works or what it does at all!
      If we take the tunnel analogy: I can still let TLS encrypted traffic pass through their tunnel, such as HTTPS websites and TLS encrypted traffic to an email server.

      The only reason why they want to install certificates is, the metadata itself is not enough to know what is happening when a user tunnels traffic.

      “It is for our security” have heard this preaching so long, and almost always it is BS.

      1. Andy Prough said on May 2, 2022 at 12:37 am

        >”LOL no, only metadata”

        Famous last words. “only the metadata” is enough to convict you in court, as we’ve seen in some cases.

      2. Samuel said on May 4, 2022 at 10:29 am

        What kind of fallacy is this, where you try to shove your mistakes upon other users?
        The VPN has all your metadata, and it is easier to filter for cops if they request the logs.
        Nonlogging VPNs don’t exist. And if the VPN really wouldn’t log, their exit nodes are logged by the government.

        VPNs are snakeoil and tracking companies. They only make sense in China, where the goverment has no jurisdiction over the EU or US. The EU and US VPNs will always rat you out.

  7. Anonymous said on April 30, 2022 at 11:48 pm

    Preventing cookies is not protection. Adding more extensions increases your browser’s trackability.

    @Tachy ‘I myself’ is a tautology.

    1. Tachy said on May 1, 2022 at 8:34 am

      @anonymous I’m usually just starting my 1st cup of coffee when I post here. It’s amazing I can read let alone spell or use proper grammar ;)

  8. Matti said on April 30, 2022 at 9:37 pm

    Installing certificates? And you’re supposed to pay them for this?

    That’s some next-level backdooring.

  9. Pet said on April 30, 2022 at 8:04 pm

    BY FAR the most advertised useless feature on the planet. A VPN. Especially NORD’s one. NO

    1. Caliray02 said on October 12, 2022 at 3:53 am

      I would like to understand, that’s why I’m here reading, I currently have NordVPN and I’m a linux newbie. I’m more than aware there’s better options for security,privacy, and speed. I just don’t have the knowledge to set it up and use it. Any suggestions? I stumbled across this site searching whether or not I should enable this new feature amd also if I should enable Nords dns feature.

  10. Tachy said on April 30, 2022 at 5:37 pm

    I myself would not use it but I can see where others who aren’t capable of juggling multiple privacy and protection addons might.

    One must remember that the maasive majority of internet users would never view a site like this one even if they were able to understand anything they read here.

    1. Frankel said on April 30, 2022 at 7:34 pm

      Hard pass:
      >achieves this by installing certificates in the browsers

      That’s a fun way of saying they can scan the entire HTTPS traffic of their users in the clear that way.

      >even if they were able to understand anything they read here
      Well you didn’t object to this, so?

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.