App Review Huorong Internet Security v6.0.7.12 (Modified Setting)

It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.
Content created by
janx
janx

janx

New Member
Thread author
Oct 4, 2025
2
12
4
Content source
https://www.youtube.com/embed/Ewn4wongJs0?si=2piJ5SI7bl-cydFZ


Huorong Internet Security 6.0.7.12 Malware Test (Modified Settings)

Note:

I’ve modified several settings to improve detection rates. In my opinion, these should be the default settings, as the stock configuration is too lenient.

User Interface and Tools

Surprisingly good for a Chinese antivirus other av usually include bundled junkware, excessive pop-ups, and cluttered layouts. however, huorong is clean and easy to navigate.
The included tools, such as SecAnalysis (which feels like a combination of *ProcMon* and *Comodo KillSwitch*), are also genuinely useful for advanced users.

Scan Test​

Files Tested: 332
Undetected: 88
Detection Rate: 73.49%

Overall detection is decent. With some tuning, it performs much better than the default configuration. Also I haven't turn some feature to maximum yet might test it later.

Execution Test​

Files Executed: 33
Immediately Blocked: 11
Immediate Block Rate: 33.33%

Note:
Only files that were instantly blocked upon execution are counted here. Detections triggered later (e.g. by HIPS, behavior analysis, or memory protection) are not included in this percentage.
However, these advanced layers (HIPS, behavior-based, and memory protection) successfully stopped quite a number of the remaining samples.

Second Opinion​

After testing, 2 samples remained active in memory.

HitmanPro Detections: 1
Kaspersky virus removal tool: 0

Analysis:
The first file appeared inactive it performed multiple registry reads, create prefetch and attempted a TCP connection to a server that returned a 503 error.
The second file also read several registry keys but didn’t seem to perform any noticeable malicious activity.

Summary​

With proper configuration, Huorong performs reasonably well. Its clean UI, powerful built-in tools, and Behavior detection layered that works.
But the default settings is quite bad out of the box with memory protection enable but only for logging, and the real-time blocking could be more aggressive out of the box and using the advanced heuristic scanning in real-time scanning would improve protection significantly, though it may increase false positives, which is understandable.
 
  • Like
  • +Reputation
Reactions: Sunshine-boy, Behold Eck, roger_m and 3 others
janx said:


Huorong Internet Security 6.0.7.12 Malware Test (Modified Settings)

Note:

I’ve modified several settings to improve detection rates. In my opinion, these should be the default settings, as the stock configuration is too lenient.

User Interface and Tools

Surprisingly good for a Chinese antivirus other av usually include bundled junkware, excessive pop-ups, and cluttered layouts. however, huorong is clean and easy to navigate.
The included tools, such as SecAnalysis (which feels like a combination of *ProcMon* and *Comodo KillSwitch*), are also genuinely useful for advanced users.

Scan Test​

Files Tested: 332
Undetected: 88
Detection Rate: 73.49%

Overall detection is decent. With some tuning, it performs much better than the default configuration. Also I haven't turn some feature to maximum yet might test it later.

Execution Test​

Files Executed: 33
Immediately Blocked: 11
Immediate Block Rate: 33.33%

Note:
Only files that were instantly blocked upon execution are counted here. Detections triggered later (e.g. by HIPS, behavior analysis, or memory protection) are not included in this percentage.
However, these advanced layers (HIPS, behavior-based, and memory protection) successfully stopped quite a number of the remaining samples.

Second Opinion​

After testing, 2 samples remained active in memory.

HitmanPro Detections: 1
Kaspersky virus removal tool: 0

Analysis:
The first file appeared inactive it performed multiple registry reads, create prefetch and attempted a TCP connection to a server that returned a 503 error.
The second file also read several registry keys but didn’t seem to perform any noticeable malicious activity.

Summary​

With proper configuration, Huorong performs reasonably well. Its clean UI, powerful built-in tools, and Behavior detection layered that works.
But the default settings is quite bad out of the box with memory protection enable but only for logging, and the real-time blocking could be more aggressive out of the box and using the advanced heuristic scanning in real-time scanning would improve protection significantly, though it may increase false positives, which is understandable.
Click to expand...

Thanks for the detailed write-up and video, @janx! Huorong isn't one of the more commonly discussed AVs here on MalwareTips, so it's great to see some fresh testing on it—especially with your tweaks to bump up the detection rates. I agree that stock configs on many AVs can be too conservative; it's always a balance between usability and security.

A few thoughts/questions:
  • Did you notice any significant performance impact after enabling those advanced heuristics or maxing out other features? Huorong's reputation for being lightweight is a plus, but aggressive settings might change that.
  • The built-in tools like SecAnalysis sound intriguing—any chance you could share a quick screenshot or more details on how it compares to ProcMon in practice? (If it's as good as you say, it might sway some users away from bloated suites.)
  • On the execution test: 33% immediate blocks isn't stellar, but the layered defenses picking up the slack is promising. Have you compared this to something like Comodo or ESET in a similar setup?

Overall, solid test—looking forward to any follow-ups if you crank those settings higher. Keep 'em coming! 😊
 
  • Like
  • Love
Reactions: Behold Eck, andytan and stonjean633
A significant number of users with low-end computers resisted upgrading to version 6.0, as it consumes more resources than version 5.0. The huorong official team likely considered this aspect, making the default settings of huorong 6.0 relatively closer to those of version 5.0.
However, users still frequently report that version 6.0 experiences lag or high memory usage, and the official response is always to reduce monitoring levels...
Updating once a day still draws criticism, let alone the fact that the official policy delays startup updates by 30 minutes...
However, you can add its upgrade program to the task scheduler with the parameter "-a" to enable automatic updates upon system login.
 
  • Like
Reactions: roger_m, stonjean633, Khushal and 1 other person
Allen Steve said:
A significant number of users with low-end computers resisted upgrading to version 6.0, as it consumes more resources than version 5.0. The huorong official team likely considered this aspect, making the default settings of huorong 6.0 relatively closer to those of version 5.0.
However, users still frequently report that version 6.0 experiences lag or high memory usage, and the official response is always to reduce monitoring levels...
Updating once a day still draws criticism, let alone the fact that the official policy delays startup updates by 30 minutes...
However, you can add its upgrade program to the task scheduler with the parameter "-a" to enable automatic updates upon system startup.
Click to expand...
Can you explain a bit more about the included engines?
 
  • Like
Reactions: simmerskool, stonjean633 and Khushal
Last edited:
  • Like
  • Thanks
Reactions: roger_m, stonjean633 and Trident
Allen Steve said:
This is the engine description released by Huorong. You can translate it with a screenshot:
Click to expand...
According to the document, it uses both cloud and machine learning.

It also uses hashing - full hashinf, ssdeep and tlsh.

Anti-virus engine components

An antivirus engine that meets the above definition generally consists of at least the following modules:

1. Data format identification and analysis module

Responsible for identifying and analyzing the format of the scanned object and providing sufficient format-related information to the scanning core;

2. Antivirus signature database

a) Local feature library;

b) Cloud feature library;

3. Scan core

Responsible for the scanning logic of the entire antivirus engine. Different scanning technologies are also scheduled by the scanning core;

Anti-virus engine scanning technology

1. Feature Scan

a) Full-text hash;

4/25Machine Translated by Google

b) Segment hashing;

c) Locality Sensitive Hashing;

d) Key data

i. Identify malicious code by extracting key code or data fragments from the malicious code;

ii. Key data characterization and methods vary, but will include at least two types of information, namely,

Bit method and matching method. For example, between file offset 0x100 and 0x200, search

Find the sequence AABBCCDDEEFF;

2. Heuristic Scanning

a) Static heuristic scanning: By extracting the static information of the object to be scanned, the maliciousness is evaluated through the heuristic algorithm.

intention;

b) Dynamic heuristic scanning: By extracting dynamic information of the object to be scanned (for example,

behavior), and evaluate its maliciousness through heuristic algorithms;

3. Dynamic Behavior Analysis

When the anti-virus engine scans, it dynamically executes the object to be scanned in the virtual sandbox and captures its dynamic

Behavior and assess its maliciousness through behavioral patterns or heuristic algorithms;

4. Statistical classification based on big data

a) Support Vector Machine (SVM);

b) Decision tree;

c) Neural Networks;
Click to expand...
 
  • Like
  • +Reputation
Reactions: simmerskool, roger_m and stonjean633
Allen Steve said:
no,no,no, He's just introducing what antivirus engines are available in the market here. You have to scroll down to see what the Huorong engine has...
Click to expand...
Oh I see... yeah, it all seems to be based on the Cobra/HVM engine... not amazing...

Dynamic analysis is usually the most reliable way to classify a sample, but the emulator doesn't have all day to analyse, it has milliseconds so this is where most of the evasions come from. In addition, it requires constant profile updates. This is a rather weird design decision.
 
  • Like
  • +Reputation
Reactions: simmerskool, roger_m and Allen Steve

You may also like...