Introducing the Coro Agent

Important

Coro is introducing Agent support for Linux endpoint devices. This functionality will be available soon.

The Coro Agent provides protection for Linux, macOS, and Windows endpoint devices.

The Coro Agent is autonomous and operates without relying on connectivity to the Coro service.

The macOS and Windows Agents operate in real-time, scanning files whenever a user or process attempts to access them. If a file is identified as malicious, Coro quarantines it.

Important

The Linux Agent currently only supports remote malware scanning on supported Linux distributions.

The macOS and Windows Agents include an additional layer of protection called advanced threat control (ATC). ATC provides real-time monitoring by analyzing processes for known and potential threats and blocks any processes exhibiting suspicious behavior.

The Coro console (frontend) connects to the backend via a private API and controls information and commands transferred to and from cloud applications and Coro Agents to the backend. These three components form the basis of the Coro cybersecurity platform.

Endpoint Agent Architecture

The Coro Agent operates similarly to other antivirus applications: it compares the hashes of downloaded files to public databases of previously checked viruses; if they match, Coro quarantines the file. Additionally, the macOS and Windows Agents identify system vulnerabilities. For example, it verifies that the device is protected by a password and that Developer Mode remains disabled, see Device posture configuration overview.

Ensuring device protection is critical, especially as compliance requirements often mandate encrypting all internal and external device drives used within an organization. The Coro Agent, through policy definition in the Coro console, actively aids organizations in monitoring, protecting, and ensuring compliance for the endpoint devices utilized by their employees.

The macOS and Windows Agents are in your device's system tray or menu bar:

Coro Agent

Important

The Linux Agent is optimized for command-line environments and does not include an interface.

The macOS and Windows Agents display:

  • Notifications about the Agent and your device:

    Agent notifications

  • VPN connection details if Coro Network is enabled. For more information, see connect a device to the VPN .
  • General information, such as your Coro Agent version, workspace, and Coro device ID:

    Agent information

Important

The Windows Agent monitors devices to detect persistence-based malware, such as scheduled tasks and registry modifications that might execute malware. This monitoring examines critical areas, including startup folders and registry entries, to make sure no malicious tools or processes execute.

To learn more about deploying the Coro Agent, see the following guides: