App Review Tencent iOA Endpoint Security 2025

[Shadowra]

Content source

https://odysee.com/@Shadowra:f/Tencent-iOA-Endpoint-Security:6

Tencent is a well-known Chinese company.
Known for its applications, its holdings in various businesses and also in China for its security solutions.
Today, we're testing iOA, their enterprise security solutions.
Let's take a look...



Interface :

Tencent's interface is reminiscent of its origins, totally in the mood of Chinese AVs.
Simple, uncluttered and very colorful.
The software is simple: everything is well configured, the product is very light!
However, a few translation errors may occur on the alerts, which are sometimes in Chinese...

Web protection: 5/7
2 malwares passed without reaction and 3 links died.
The rest were blocked

Fake crack : 0,25/1
1 détection, 2 missed

Malware Pack : Remaining 16 threats out of 77
Malware detection is pretty good, with Tencent blocking some big traps.
On the other hand, when it comes to execution, Tencent is sorely lacking in advanced shields, and simply blocks certain payloads when it knows about them.
This is a real shame.

Final scan :
Tencent : 3
NPE : 9
KVRT : 13
EEK : 7

Final opinion:

Tencent delivers a fairly average performance.
While the engine is average, with a good detection rate, it clearly lacks proactive and behavioral shields, and the antivirus relies too much on its Cloud network to defend itself, which is insufficient.
Average result.

@Allen Steve request

 

[Bot]

Sorry I couldn't contact the ChatGPT think tank

 

[Shadowra]

@Shadowra I am unable to load the video to see the interface…

Yet I can still display it :/

 

[Jonny Quest]

It's working fine on my Windows 11 laptop

 

[Parkinsond]

@Shadowra I am unable to load the video to see the interface…

Bare-boned

 

[roger_m]

Thanks for the test. I've been looking forward to this one, as I'm currently using. It's causing no issues for me, unlike Huawei HiSec which was causing minor problems, but I probably should replace it with something better.

 

[Sorrento]

Thank you for another review that has obviously taken much time & effort.

 

[neven1127]

No offense but we call it "VirusTotal scanner" in some cases, as it copied fast from other vendor's scan results

 

[Trident]

No offense but we call it "VirusTotal scanner" in some cases, as it copied fast from other vendor's scan results

The fact that it “copies” doesn’t mean anything, they may have partnerships and may be using threat intelligence feeds from third parties. Which wouldn’t be surprising. It doesn’t mean that someone is browsing VT and copying detections.

 

[Parkinsond]

they may have partnerships and may be using threat intelligence feeds from third parties

Just as Osprey do.

 

[Trident]

Just as Osprey do.

Many do… not just Osprey.
In the US, there is the Cyber Threat Alliance which governs and mandates the sharing of threat intelligence. I believe it’s ran by the Department of Homeland Security. When there is an active campaign detected by one of them, you can expect rapid sharing between all of them. Anyway, this is slightly off-topic but displays how companies collaborate and share — doesn’t mean that they copy each other.

Below are the members.

 

[neven1127]

The fact that it “copies” doesn’t mean anything, they may have partnerships and may be using threat intelligence feeds from third parties. Which wouldn’t be surprising. It doesn’t mean that someone is browsing VT and copying detections.

The problem is the false positive detection issue. Sometimes it copied the result from other vendors who detected in the first place. But when they removed the detection because of FP after further analysis, it still keeps the detection, kind of annoying.

 

[Trident]

The problem is the false positive detection issue. Sometimes it copied the result from other vendors who detected in the first place. But when they removed the detection because of FP after further analysis, it still keeps the detection, kind of annoying.

Because the threat intelligence feeds are served as massive JSON files updated every x seconds. So once the serving vendor places something in these feeds, the absorbing developer will have the hash somewhere on their cloud infrastructures. Someone needs to then report false positive so the developer can react. That’s a side effect of threat feeds. Usually this is balanced with counter-feeds and channels for obtaining safe files.

 

[piquiteco]

How interesting, the Tencent iOA Endpoint Security 2025 test. It's great to see these AVs in action, the results were surprising. BTW Thanks for the test @Shadowra, the video was very well produced and edited with great skill. I also liked the soundtrack of your video, always with selected songs. I'm going to miss your videos a lot when you go on vacation in August. I sincerely appreciate the effort you have put into recording and editing the AV test videos.

 

[Popolitus]

Any download link available?

 

[piquiteco]

Any download link available?

The content creator would have the download link, but he is on holiday and will return on the 23rd. Unless someone else has the link? @Trident, do you have the link?

 

[Oldie1950]

Why not try this: iOA

 

[piquiteco]

Why not try this: iOA

I believe he knows this URL. Tencent Endpoint requires an ID account + PIN + TOKEN. You cannot download it directly. I believe that is why he is requesting the download link.

Spoiler: Tencent ID account

 

[Fan-of-spyshelter]

Any download link available?

a geuine please, with hash and checksum, best practise, thanks.

PS : botnet inside DDOS attack, on the road, so be carefull.