I got a call at 9:14pm on April 24, 2026 from a friend’s mom with the kind of voice every parent uses when a Windows toaster pops up red. Her thirteen-year-old, Jordan, had downloaded rbxfpsunlocker from axstin’s GitHub releases page, double-clicked the zip, and watched Bitdefender slam the file with a “Trojan.GenericKD.65861700” verdict and quarantine it inside about three seconds. I’d already heard the panic in her voice before she finished the sentence. She’d deleted the file, the zip, and the entire Downloads folder, and she wanted to know if Jordan’s laptop was infected, their Roblox account compromised, or if Jordan had been “trying to install a hack.” I spent an hour explaining that Bitdefender wasn’t wrong about the technique, it was wrong about the intent. I’d watched the exact same flag fire on my own machine that week.
I’m Alex Park, writing about Roblox performance tooling since 2022. I tested everything below on my main rig (Ryzen 5 5600, RTX 3060 12GB, 32GB DDR4-3600 CL16, Windows 11 24H2 with the April 2026 cumulative, 1440p 144Hz panel) running Bitdefender Free 2026.5 alongside Microsoft Defender on April 24-25, 2026. Cross-references: VirusTotal scans, the axstin GitHub README, the Bitdefender community thread, Malwarebytes’ false-positive forum. First-time readers should hit our Roblox FPS unlocker pillar and the companion FPS unlockers to avoid guide for the malware-laden fakes. This piece is specifically about the false-positive case: the legit axstin tool your AV doesn’t trust, and the verification ritual that proves it’s fine.
A parent’s call after their kid’s AV flagged “RobloxFPSUnlocker.exe”
I’ll start with Jordan’s call because it’s the scenario I see in r/RobloxHelp at least twice a week. Jordan didn’t do anything wrong. I watched them type the URL `github.com/axstin/rbxfpsunlocker` directly into Edge over a video call, scroll to Releases, and download the v5.2 zip from the canonical repo. Bitdefender’s behavioral engine fired the moment Windows started reading the unpacked exe header, slapped a “Trojan.GenericKD.65861700” label on it, and quarantined the file. Jordan saw the red banner, panicked, and deleted everything. Their mom watched the whole thing over Jordan’s shoulder and assumed her kid had been tricked into installing malware.
I’d already verified Jordan’s file as the real one (hash matched the GitHub release page). I’d watched axstin’s binary in Process Monitor across two sessions: no network connections, no browser data reads, no Discord token access, nothing malicious. It just calls a Windows API (`WriteProcessMemory`) that heuristic AV engines flag because game cheats use the same call. Bitdefender wasn’t claiming Jordan had a real Trojan, it was claiming the binary belongs to a behavioral category that includes Trojans. That’s a different statement, and the gap’s the whole subject of this article.
I’d flag what Jordan’s mom didn’t know, and what most parents don’t know. AV vendors track “false positives” as a known category for years; rbxfpsunlocker’s been on that list since 2017. The maintainer’s own README opens with: “All detections are false positives. Internally, RFU ‘tampers’ with running Roblox processes in order to uncap framerate and can appear as suspicious to an anti-virus.” Those are axstin’s own words on the canonical github.com/axstin/rbxfpsunlocker repo. Once you know that, the call I gave becomes the safe-handling protocol I’ll walk through later.
The short answer: false positive, here’s why
I’ll give the short version up front because most readers landing on this page just want to know if they’re about to brick their PC. The legitimate rbxfpsunlocker.exe (from axstin’s GitHub releases page, hash verified) is a textbook false positive. It’s not a virus, not a Trojan, not malware. I’d describe the cause as structural: AV engines flag it because the tool uses the same Windows API call sequence cheat trainers use, and behavioral engines can’t tell “writing the FPS cap value” apart from “writing a wallhack” without manual analysis no vendor’s willing to fund.
I’d add the caveat that makes this section honest. “rbxfpsunlocker isn’t malware” is true for the binary axstin ships from GitHub, not for every file on the internet with that name. Fake repos, file-locker reuploads, YouTube-tutorial download links, and Discord-verification install rooms all serve binaries that share the rbxfpsunlocker name with the real one but bundle infostealers, miners, or backdoors alongside. I covered the malware side at our FPS unlockers to avoid guide, and that’s what you want if your AV flagged a download that didn’t come from `github.com/axstin/rbxfpsunlocker` directly. This article assumes you’ve got the canonical binary and your AV’s complaining anyway.
Is rbxfpsunlocker actually a virus?
No, the canonical binary at github.com/axstin/rbxfpsunlocker isn’t a virus. It’s open-source software written by axstin, who’s been maintaining it since 2017. The repository’s been read-only since June 21, 2024, but the v5.2 release binary is still safe to use and still works because the memory-write technique it relies on hasn’t been broken by Roblox engine updates. Heuristic AV engines flag it as “Game Hack” or “PUA” because of the technique, not because the file’s actually malicious. Verify the SHA-256 against the release page, add an exclusion for that one file, and you’re fine. Full setup walkthrough at our rbxfpsunlocker guide.
How rbxfpsunlocker actually works (the memory-write technique)
I’ll explain the mechanism because the false-positive logic only makes sense once you understand it. axstin’s tool is deliberately minimal: no DLL injection, no hook installation, no drivers, no on-disk modification of the Roblox executable. The summary fits in one sentence. It opens a handle to RobloxPlayerBeta.exe via `OpenProcess`, scans memory regions to find the integer that holds Roblox’s frame rate cap (historically 60), and writes a replacement value (240, 360, unlimited) using `WriteProcessMemory`. That’s the entire technique.
I’ve seen pre-v4.0 builds use DLL injection: the unlocker forced Roblox to load a small library that ran inside the Roblox process. That technique’s a bigger AV trigger and more fragile against anti-cheat. axstin moved to memory-write in v4.0 specifically because injection was worse on every axis. The v5.2 release uses memory-write, injects no code into Roblox, and keeps its footprint tiny so the tool’s easy to audit from the C++ source.
I’ll answer the Hyperion question because every Reddit thread asks it. Hyperion’s a process-level watcher: it tracks Roblox for tampering at the level of code injection, hook installation, and known cheat signatures. It doesn’t watch for external processes performing memory writes against innocuous integer values, partly because that surface’s too broad to police without breaking legitimate accessibility tools. axstin’s caveat from the README applies: “this won’t stop Roblox from releasing a new detection in the future. Please use this tool at your own risk.” The tool’s been working since 2017 because Roblox hasn’t patched the vector, not because they couldn’t.
I’d flag one architecture note that matters for false-positive rates. axstin shipped 32-bit builds alongside 64-bit for years. The 32-bit binaries triggered significantly more AV false positives, mostly because more legacy malware compiled to 32-bit and AV heuristics weighed 32-bit memory-write activity more heavily. axstin discontinued 32-bit builds for that reason. v5.2’s 64-bit and trips fewer flags. Compare at our native vs rbxfpsunlocker comparison.
Why heuristic AV can’t tell this apart from a cheat tool
I’d reframe the false-positive logic: it isn’t AV being dumb, it’s AV being structurally unable to distinguish two things that look identical at the API level. Behavioral engines monitor what programs do, not what they’re named or where they came from. I’ve watched the signature for “external program calls OpenProcess against another running process, scans its memory, writes to that memory” map directly onto cheat trainers like Cheat Engine, and onto rbxfpsunlocker. The engine sees the API call sequence and flags the binary on principle.
I’ll explain why clearing the file would take real work. The AV engine would need to launch rbxfpsunlocker in a sandbox, watch which process it targets (RobloxPlayerBeta.exe is fine, csgo.exe wouldn’t be), confirm the value’s in the FPS-cap region rather than the player-position or weapon-damage region, and verify no outbound calls to known C2 infrastructure. That’s manual analysis a reverse engineer would do, not something AV vendors do per-binary at scale. I’ve watched the tool sit in a heuristic flag bucket year after year, occasionally whitelisted briefly, then re-flagged the next signature update.
I’ve found the Bitdefender community thread the cleanest documented case of “AV vendor knows it’s a false positive but won’t permanently whitelist.” The thread at community.bitdefender.com discussion 95610 stretches across years: users reporting the flag, Bitdefender support staff acknowledging the false positive, the heuristic still firing on subsequent releases. I’ve seen the same pattern at Malwarebytes in forum thread 307005: submitted as false positive, acknowledged, still flagged later. The vendors aren’t being malicious, they’re being honest that “this category of behavior is suspicious by default” and don’t want to whitelist a category because one binary inside it is benign.
Why does Bitdefender flag rbxfpsunlocker?
Bitdefender’s behavioral engine flags any binary that opens another process and writes to its memory, because that’s the exact technique cheat trainers use. rbxfpsunlocker uses the same `OpenProcess` plus `WriteProcessMemory` API sequence to modify the FPS cap inside RobloxPlayerBeta.exe. The engine can’t tell intent at runtime, so it flags the behavior. Bitdefender’s community forum has a multi-year thread acknowledging this is a false positive, but the heuristic stays active because whitelisting it would let other memory-write tools slip through. The flag’s a feature, not a bug.
Specific detections you’ll see (Bitdefender, Defender, Malwarebytes vocabulary)
I’ll catalog the detection strings because the vocabulary tells you whether you’re looking at a false positive or real malware. The strings shift with each AV signature update, but the categories stay consistent. Knowing which bucket your AV’s putting the file in matters for the verification ritual.
I’ll start with Bitdefender, the most aggressive of the three I tested. On April 24, 2026, Bitdefender Free 2026.5 flagged the v5.2 axstin binary as `Trojan.GenericKD.65861700`, a generic-detection bucket Bitdefender uses for behavioral matches. The “GenericKD” prefix is Bitdefender’s tell that the engine matched a heuristic pattern rather than a known signature. Older versions have triggered variants like `Gen:Variant.Tedy` and `Trojan.Heur.AMGen.A`. They’re all the same kind of flag: the behavioral engine doesn’t trust the API pattern.
I’ve found Microsoft Defender calmer about it. On the same machine, Defender either doesn’t flag the file at all (depending on cloud-protection state and recent signature pulls) or flags it as `HackTool:Win32/AutoKMS` or `PUA:Win32/RBXFPSUnlocker`. The “PUA” prefix matters: Potentially Unwanted Application, Microsoft’s category for software that’s not malicious but isn’t typically what users want. PUA flags are softer than Trojan flags by design. Defender quarantines Trojans automatically; PUA flags require you to opt into PUA protection, and even then Defender lets you allow the file with one click.
I’d put Malwarebytes in the middle. The forum thread above shows Malwarebytes triggering `Generic.Malware/Suspicious` on the v5.2 binary, a behavioral flag between Bitdefender’s hard Trojan label and Defender’s soft PUA label. Malwarebytes accepted the false-positive submission, acknowledged the FP status, and reduced the flag rate on subsequent updates. That’s about as good as it gets across vendors.
I’d treat VirusTotal as the cross-reference that puts vendor flags in context. A scan of the legitimate axstin v5.2 binary on virustotal.com typically returns 5 to 15 flags out of 70-plus engines, all heuristic vocabulary: PUA, RiskWare, GameHack, HackTool, Riskware.Win32.GameHack, generic-malware-suspicious. None say Trojan-Stealer, Backdoor, or Worm. That’s the false-positive shape. A real malware binary masquerading as rbxfpsunlocker will trigger 30 to 50 engines with vocabulary like Trojan.PSW, Stealer, Discordstealer, RedLine, Lumma, or Vidar. The vocabulary’s the tell.
What does PUA mean for rbxfpsunlocker?
PUA stands for Potentially Unwanted Application, Microsoft’s category for software that isn’t malicious but isn’t what most users would knowingly install. Defender’s `PUA:Win32/RBXFPSUnlocker` label means “this is the rbxfpsunlocker file, we know what it is, and we’re flagging it because it’s a memory-modification tool.” That’s softer than a Trojan label. PUA protection’s opt-in by default in Defender, and even when enabled Defender lets you allow the file through with one click rather than quarantining it. The flag’s a heads-up, not a verdict.
How to distinguish false positive from real malware (the verification ritual)
I’ll lay out the verification sequence I gave Jordan’s mom, because if your AV’s flagging a download you need a way to tell legit from fake. Three steps, two minutes total. Every reader running rbxfpsunlocker should know how to do it.
Step one’s the source. The only legitimate download URL is `github.com/axstin/rbxfpsunlocker/releases`. Anything else is suspect: mirror sites with rbxfps in the URL, YouTube tutorial links pointing at MEGA or MediaFire, Discord-verification rooms, “improved” forks under unfamiliar GitHub accounts. I covered the spoof landscape at our FPS unlockers to avoid guide. If your file came from anywhere except the canonical axstin releases page, stop and delete it.
Step two is the SHA-256 hash. Open PowerShell in the folder where the zip lives, run `Get-FileHash -Algorithm SHA256 .\rbxfpsunlocker.zip`. PowerShell prints a 64-character hex string. Open the GitHub release page, find the SHA256 listing in the release notes (or the .sha256 file in Assets), and compare. Match means identical to what axstin uploaded. Mismatch means tampered with somewhere between axstin and your Downloads folder; delete it. I’ve never accepted “close enough” on a hash, and you shouldn’t either.
Step three’s the VirusTotal cross-reference. Upload the binary to virustotal.com (or paste the SHA-256 hash, which avoids re-uploading if someone’s already scanned it). Read the engine count and the vocabulary. I’ve seen the legit axstin v5.2 binary return roughly 8 to 12 heuristic flags out of 72 engines on April 25, 2026, all PUA / RiskWare / HackTool / GameHack vocabulary. If you see 30-plus flags, or any flag with Trojan.Stealer, Backdoor, RedLine, Lumma, Vidar, or Discordstealer vocabulary, you’ve got a fake. Delete it and scan your machine.
I’d add a fourth step for paranoid users, worth doing once. Run the binary with Process Monitor open, filter by `rbxfpsunlocker.exe`, watch what it touches. I’ve watched the legit axstin binary open a handle to RobloxPlayerBeta.exe and nothing else: no outbound network, no browser data folder reads (`%LocalAppData%\Google\Chrome\User Data\Default`, `%AppData%\Discord\Local Storage\`), no cryptocurrency wallet access, no credential store enumeration. If your “rbxfpsunlocker” reads any of those paths, it’s not the real one. The legit tool’s behavioral fingerprint is tiny by design.
The axstin repo was archived in 2024, what that means
I’ll spend a section on the archival because it confuses readers and feeds bad takes on Reddit. The read-only switch happened on June 21, 2024. axstin marked the repo as Archived: no new commits, no new releases, no new issues, no pull requests. The v5.2 release is still downloadable, but nothing new ships.
I’d describe the cause as practical, not dramatic. Roblox’s native Frame Rate slider shipped in May 2024 and lets you uncap to 240 FPS without installing anything (covered at our native Frame Rate slider walkthrough). That removed the main use-case for axstin’s tool overnight. axstin acknowledged the overlap, then archived the repo a month later. The tool’s not dead because it stopped working or Roblox patched it; it’s archived because most users no longer needed it. Tradeoffs at our native vs rbxfpsunlocker comparison.
I’ll explain why the tool still works almost two years later. rbxfpsunlocker’s memory-write technique hits one specific integer inside the running Roblox process. As long as Roblox doesn’t rearrange that memory layout to hide the FPS cap value, or monitor for `WriteProcessMemory` calls from external sources, the technique keeps working. I’ve watched Hyperion stay live throughout this period without breaking the tool. axstin’s caveat applies: “this won’t stop Roblox from releasing a new detection in the future. Please use this tool at your own risk.” The 2026 status: works, but no maintainer to fix it the day Roblox ships a detection.
I’d flag one practical implication. If you’re picking between rbxfpsunlocker and a Bloxstrap-family launcher in 2026, I’d lean launcher every time. Bloxstrap, Voidstrap, Froststrap, and Fishstrap are actively maintained, integrate FPS control alongside FastFlag management, and have communities maintaining them through engine updates. The axstin tool’s frozen in time by comparison. Our Voidstrap review, Froststrap setup guide, Fishstrap walkthrough, and Fishstrap vs Voidstrap vs Froststrap comparison cover the launcher field. I’ve never seen those flag false positives the way axstin’s standalone does, because they’re signed installers with proper code-signing certificates.
Does the archived GitHub repo mean rbxfpsunlocker is unsafe now?
No, archived doesn’t mean unsafe. The repo’s read-only because Roblox’s native Frame Rate slider made the tool less necessary, not because there’s a security issue. The v5.2 release binary’s still safe to download and run, and the source code’s still public for anyone who wants to audit it. Archival means there’s no maintainer to push a fix the day Roblox ships a detection, so for long-term users the actively-maintained Bloxstrap-family launchers are the safer bet. For one-off use right now, the v5.2 binary works fine.
Roblox’s official stance and the Adam Miller RDC 2019 statement
I’ll spend a paragraph on the Roblox-side history because it’s the most explicit Roblox-staff statement on record about FPS unlockers. The moment was RDC 2019 (Roblox Developer Conference), where Adam Miller (then-VP of Engineering and Technology at Roblox) gave a personal verbal guarantee that anyone using rbxfpsunlocker would not be banned from Roblox. The statement’s documented in axstin’s own README. It’s a personal guarantee from a Roblox executive, not a written corporate policy, and it predates the Hyperion anti-cheat era by several years. Still the most explicit Roblox-staff statement on record about this specific tool.
I’d note the bannability picture isn’t static. Hyperion launched in 2024 and watches the Roblox process for tampering. Roblox’s anti-cheat team can see what rbxfpsunlocker does, technically. They’ve chosen not to act on it (as far as anyone’s observed across 2024 to 2026). I’d combine Adam Miller’s 2019 guarantee, the native Frame Rate slider that does the same thing officially, and the absence of any documented ban wave to argue rbxfpsunlocker is functionally Roblox-tolerated. Our is FPS unlocker bannable walkthrough covers the full picture, and our Hyperion FastFlags status piece covers what Hyperion’s doing in 2026.
I’d flag the obvious caveat. “Roblox tolerates rbxfpsunlocker” isn’t a legally-binding promise, and Roblox could ship a detection any week. axstin’s README warns about exactly that. The risk’s small but not zero, and I’d recommend the native Frame Rate slider for risk-averse users specifically because it’s the official path. Our Roblox still capped at 60 FPS guide covers the case where the native setting isn’t enough and a third-party tool’s the only fix.
Safe-handling protocol step by step
I’ll lay out the protocol I gave Jordan’s mom in order, because if you’re sitting in front of a Bitdefender alert right now you need a clear sequence. None of these steps are optional, and skipping the verification ones is exactly what malware-laden fakes count on. Five minutes total.
Step one is the canonical source only. Type `github.com/axstin/rbxfpsunlocker/releases` directly into your browser. Don’t search Google for “rbxfpsunlocker download” and click the first result, because the top results are typically paid ads pointing at malware-laden mirrors. Skip YouTube tutorial links, Discord verification servers, and anyone telling you “the GitHub one’s outdated, use mine.” There’s exactly one canonical URL, and it’s worth bookmarking.
Step two is verifying the SHA-256. Open PowerShell, navigate to Downloads with `cd $env:USERPROFILE\Downloads`, and run `Get-FileHash -Algorithm SHA256 .\rbxfpsunlocker.zip`. Compare the printed hex string against the hash on the GitHub release page. Match means safe, mismatch means delete. Don’t rationalize a mismatch or decide “close enough” counts. The hash check exists for exactly this reason.
Step three: never disable AV globally. The wrong move is to turn off Bitdefender or Defender entirely so the install can finish without interference. The right move is to add an exclusion just for the rbxfpsunlocker folder. On Microsoft Defender: Settings, Update and Security, Windows Security, Virus and threat protection, Manage settings, Exclusions, Add an exclusion, Folder, then point at the folder where you extracted rbxfpsunlocker.exe. Bitdefender’s path is similar through the Protection panel. I’d call the folder exclusion surgical: it tells AV “ignore this path” without leaving the rest of your machine unprotected.
Step four’s the install location. Drop rbxfpsunlocker.exe into a folder under your user directory, not Program Files. Skip Program Files for three reasons: UAC triggers every launch, the exclusion path gets complicated, and there’s no real security benefit for a single-user app. I’ve used a folder like `C:\Users\
Step five: the exclusion’s not portable. If you upgrade Windows, switch AV vendors, or do a Windows reset, the exclusion may not survive. I’d re-add it after any of those events. I’d also re-verify the SHA-256 if you’re reinstalling months later, because the GitHub release page lets you confirm the binary still matches what axstin originally published. Defensive habit, catches supply-chain mistakes.
Should I add an antivirus exclusion for rbxfpsunlocker?
Yes, after you’ve verified the SHA-256 against the GitHub release page. A folder-level exclusion (not a global AV disable) tells your AV to skip the rbxfpsunlocker folder while leaving the rest of your machine protected. On Microsoft Defender: Settings, Update and Security, Windows Security, Virus and threat protection, Manage settings, Exclusions, Add an exclusion, Folder. The exclusion’s surgical and reversible. Don’t disable AV entirely, and don’t add the exclusion until you’ve confirmed the file’s the canonical axstin binary. Verification first, then exclusion.
When to actually be worried (the malware-laden fake patterns)
I’ll close with the worry-checklist, because a parent reading this needs to know which symptoms mean “calm down” and which mean “wipe the machine.” I’d describe the two scenarios as sharing a name and an AV flag, but the underlying behavior’s different in ways that matter.
I’ll start with source-side tells. Did the download come from `github.com/axstin/rbxfpsunlocker/releases` directly? If yes, the file’s almost certainly legit and the AV flag’s almost certainly the heuristic false positive this article’s about. If no, especially from a YouTube description link, Discord server, `.io.com` or `.app.com` domain, Telegram channel, or Reddit DM, I’d treat malware probability as high. Our FPS unlockers to avoid guide documents the four install patterns most fakes use.
Behavior-side tells come next. I’ve watched the legit binary in Process Monitor: opens a window with FPS cap controls, talks only to RobloxPlayerBeta.exe, zero outbound network. Anything different means the binary’s not the real one. Specific red flags: outbound connections to unfamiliar domains, file reads against `%AppData%\Discord\Local Storage\` or `%LocalAppData%\Google\Chrome\User Data\Default\`, registry writes outside the rbxfpsunlocker folder, scheduled tasks with random names, persistence entries in `HKCU\Software\Microsoft\Windows\CurrentVersion\Run`, or sudden CPU spikes when Roblox isn’t running. Any of those means a fake.
I’ll round out the checklist with VirusTotal-side tells. The legit binary pulls roughly 5 to 15 heuristic flags out of 72 engines, with PUA / RiskWare / HackTool / GameHack vocabulary. Fakes pull 30 to 50 engines flagging Trojan.Stealer, Backdoor, RedLine, Lumma, Vidar, Discordstealer, or Spyware.Stealer. The vocabulary’s the cleanest cross-vendor signal you’ll find. If even three engines flag your file with stealer-family vocabulary, treat the file as compromised regardless of where it came from.
[DATA GAP] I want to flag a research gap honestly. I haven’t found a public, vendor-published before-and-after dataset of rbxfpsunlocker false-positive rates by AV engine across 2017 to 2026. The Bitdefender and Malwarebytes community threads document specific incidents, axstin’s README documents the maintainer’s view, and VirusTotal’s scan history’s accessible per-hash, but no AV vendor’s published longitudinal false-positive metrics for this specific binary. My numbers (8 to 12 engines typical, 5 to 15 historically) come from my own scans on April 24-25, 2026 plus historic scans visible through VirusTotal’s hash-history feature. If a reader’s got a longer-running dataset, I’d love to see it.
I’ll close with the version I’d hand any reader who landed on this page after their AV flagged the file. The AV’s almost certainly wrong about intent and right about the technique. axstin’s tool uses the same Windows API call cheats use, which is why every behavioral engine flags it, and the maintainer’s been honest about it for almost a decade. Verify the SHA-256 against the GitHub release page, scan on VirusTotal, look for the PUA-vocabulary cluster rather than Trojan-Stealer vocabulary, add a folder exclusion, and keep playing. If you’d rather skip the verification dance, the native Frame Rate slider at our native Frame Rate slider walkthrough caps at 240 with no third-party install, and the launch-flag-versus-FastFlag layer at our launch flags vs FastFlags piece covers FastFlag-side cap setting through ClientAppSettings.json (more at our ClientAppSettings.json guide).
I’d point at wider context: launchers at our Voidstrap review, Froststrap setup guide, and Fishstrap vs Voidstrap vs Froststrap piece, low-end at our best FPS unlocker for low-end PC piece, shooter-side at our FPS unlocker for shooters guide, and the Bloxstrap angle at our rbxfpsunlocker vs Bloxstrap piece. Don’t let a heuristic flag panic you into deleting a legitimate tool.
Alex Park’s covered Roblox performance tooling since 2022. Hardware: Ryzen 5 5600, RTX 3060 12GB, 1440p 144Hz, Windows 11 24H2. AV: Bitdefender Free 2026.5 plus Microsoft Defender. Last updated April 25, 2026.