App Review Huawei HiSec Endpoint Security revisited

It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.
Status
Not open for further replies.
Content created by
cruelsister
Have you ever thought one version could be internal development build while one is public? Just my guess bc the build is almost the same and comes from the same domain. What up with the PS: Trust Center.
blababla,

Listen, unaware user M inghi.60066: if I don't have solid proof of your partnership with Huawei uniportal, I will formally ask the Admin to ban your account and every device you’ve connected through Cloudflare for attempting to distribute a falsified EDR build. Consider this your last chance to prove authenticity.

For me, you acted just like a criminal hacker (reversing some security STATE COUNTRY soft, which is highly FORBIDDEN).

And now I see this?

Statement on MadeYouReset Vulnerabilities in HTTP/2 Implementations
SN No.: huawei-sn-SoMViHI-39440133 (28-08-2025)

Following the discovery of a series of denial of service (DoS) vulnerabilities (CVE-2025-8671, CVE-2025-48989, CVE-2025-55163, CVE-2025-5115)—with CVE-2025-8671 known as 'MadeYouReset'—in some HTTP/2 implementations, Huawei has launched an immediate investigation. The investigation is still ongoing, and Huawei PSIRT will update this security notice (SN) as new information emerges. (Vulnerability ID: HWPSIRT-2025-88575, HWPSIRT-2025-21287, HWPSIRT-2025-77700, HWPSIRT-2025-24497)
This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2025-8671, CVE-2025-48989, CVE-2025-55163, CVE-2025-5115

I have nothing more to say, and I will ignore you.
 
I have no need to prove myself of anything, and common logic says: why would Huawei host a tampered build on their site? No need for threats. I am just here to learn about security and what security software is good enough to use. Everyone's input, including yours, is a good learning experience. If you look from the outside and from different angles, each piece of information is useful and helps me make more intelligent decisions when it comes to IT Security. Your knowledge is appreciated.
 
Listen, unaware user M inghi.60066: if I don't have solid proof of your partnership with Huawei uniportal, I will formally ask the Admin to ban your account and every device you’ve connected through Cloudflare for attempting to distribute a falsified EDR build. Consider this your last chance to prove authenticity.
I am seriously concerned about your mental health and suggest you see a medical professional.
 
I have no need to prove myself of anything, and common logic says: why would Huawei host a tampered build on their site? No need for threats. I am just here to learn about security and what security software is good enough to use. Everyone's input, including yours, is a good learning experience. If you look from the outside and from different angles, each piece of information is useful and helps me make more intelligent decisions when it comes to IT Security. Your knowledge is appreciated.
Don't worry about his posts. He is delusional and has absolutely no idea what he is talking about. That would be why cruelsister has not even bothered responding to him. He has previously claimed that he is a security expert, but his posts prove he's clueless. You won't learn anything from his posts, but will gain knowledge if you follow the posts from Cruelsister, Trident and some of the other more knowledgeable members here.
 
Have you ever thought one version could be internal development build while one is public? Just my guess bc the build is almost the same and comes from the same domain. What up with the PS: Trust Center.

The enterprise version participated in the AV-T test, and the UI was slightly different from the personal version. A Chinese mobile phone number can apply for a 3-month free trial of the enterprise version. The enterprise version has a cloud engine.
 
The enterprise version participated in the AV-T test, and the UI was slightly different from the personal version. A Chinese mobile phone number can apply for a 3-month free trial of the enterprise version. The enterprise version has a cloud engine.
@Allen Steve : the version shown by the YouTuber appears to be fake. Here are the key reasons:

as you can see,

The database version was dated March 10, 2025, while the test was supposedly run on August 25, 2025, nearly five months later. In that period, many new CVEs had appeared, so such an outdated database makes the test invalid. This also strongly suggests that the product had no real cloud connectivity; otherwise, the system would have updated automatically (signature heur only) or raised a notification about the lack of connection.

For me, the Windows firewall was enabled at the highest level during the test or was intentionally blocked, which is not the normal setup when evaluating a true EDR solution. In a real enterprise deployment, the Windows firewall is not the primary layer of protection. Enterprise EDR products are designed to operate behind dedicated network security (NGFW, proxies, gateways), where all traffic is analyzed before execution.

Here is the proof that an EDR needs to be continuously connected:

The EDR is inside the remote firewall

The link @minhgi was sharing publicly was clearly not an official Huawei release.

why ?
  • The file is hosted on myhuaweicloud.com with a TEST directory and is named EDR-Agent-Personal, which is not the enterprise Qiankun version.
  • The provided hash is different from any official reference. A genuine Huawei distribution would have a fixed hash published in the documentation – not a dynamic one changing between downloads.
  • If this were a legitimate enterprise EDR agent, it would be distributed only via the official Huawei partner portal, not through a temporary OBS link.

now what ?


for this product.

"Here is the file from shadowra". (374, 30MB)

So,

From what is written here: After the Agent has downloaded successfully, double-click it to complete the installation. You can refer to the manual to verify the integrity of the installation package. Checksum: 62fef44e7764586d1286628fe9b0c1261a4b509be5208f1c958ba7033c96ce9279e4389390d2ee46e386a3b4d201809d3810a809c8a59858c6fe465c630c4b6b

What is the purpose of seeing a hash when there is some time in the link itself to download the product? POISON!

Conclusion:
This one here under is not official; this one is a TEST product.

"https://green-security-agent.obs.cn-north-4.myhuaweicloud.com/free/368cfd07b3e1452fbc4a9323d6b8bf17/ TEST /en/windows/EDR-Agent-Personal_windows_x64_Setup.zip?AccessKeyId=QFWDRMXHPXJ6S2DVPWTN&Expires=1759165571&Signature=P4zspbamhZ2UdoE3gd9qCO4Meo4="



This is why the EDR tested here was so bad in terms of trying to find the malware samples (I am pretty sure this one contains a botnet).

ps : Statement on Cyber Security and Privacy Protection - About Huawei (there is no MY huawei here too)
 
Status
Not open for further replies.
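
The last post turns on two checks: comparing a downloaded installer with a published 128-hex-digit checksum, and reading the time-limited parameters in a download link. The following is an added example, not code from the thread or from Huawei, showing how each check is done. It assumes the checksum is SHA-512 (the length matches) and that `Expires` is Unix epoch seconds; the links and host name are constructed, with only the `Expires` value taken from the link quoted in the post.

```python
import hashlib
import hmac
import string
from datetime import datetime, timezone
from urllib.parse import parse_qs, urlsplit


def sha512_file(path, chunk_size=1 << 20):
    """Hash the file in chunks so a large installer never sits in memory."""
    digest = hashlib.sha512()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def verify_download(path, published_hex):
    """True only if the file's SHA-512 equals the published checksum."""
    expected = published_hex.strip().lower()
    if len(expected) != 128 or any(c not in string.hexdigits for c in expected):
        raise ValueError("published value is not a 128-hex-digit SHA-512 digest")
    # Constant-time comparison of the two hex strings.
    return hmac.compare_digest(sha512_file(path), expected)


def link_parameters(url):
    """Split a time-limited link into the object it names and its expiry."""
    parts = urlsplit(url)
    query = parse_qs(parts.query)
    expires = datetime.fromtimestamp(int(query["Expires"][0]), tz=timezone.utc)
    return {"object": (parts.netloc, parts.path), "expires_utc": expires}


def same_object(url_a, url_b):
    """Two links name the same file when host and path match; the query
    string (key id, expiry, signature) belongs to the link, not the file."""
    return link_parameters(url_a)["object"] == link_parameters(url_b)["object"]


# Constructed sample links (hypothetical host, key id and signatures).
BASE = "https://downloads.example.com/free/build-id/en/windows/Setup.zip"
LINK_A = BASE + "?AccessKeyId=EXAMPLEKEY&Expires=1759165571&Signature=c2FtcGxlQQ%3D%3D"
LINK_B = BASE + "?AccessKeyId=EXAMPLEKEY&Expires=1759251971&Signature=c2FtcGxlQg%3D%3D"

if __name__ == "__main__":
    print(link_parameters(LINK_A)["expires_utc"].isoformat())
    print(same_object(LINK_A, LINK_B))
```

The file digest depends only on the file's bytes, so it is checked with `verify_download` independently of whichever link delivered the file.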