Skip to content


The Devices page provides a complete list of protected endpoint devices connected to your workspace.

To access the page, log into the Coro console and select the Devices icon from the toolbar:

Devices list

On this page, you can:

  • View the full list of devices, with indicators for:
    • Whether a device has outstanding unresolved tickets
    • Whether the device is part of a labelled group.
    • Offline devices, where that device has been uncontactable for 24 hours. These devices might be switched off or just disconnected from the internet.
  • Filter the list to devices that match a specific set of criteria.
  • Find devices matching a specified search string.
  • Select a specific device to show more details, including:
    • Device type
    • Installed Coro Agent version
    • Attached drives
    • Open tickets connected with this device
    • Recently logged-in users
    • An activity log summary filtered to show only those events involving this device
  • Remove applied device labels.
  • Activate encryption for unencrypted device drives.
  • Perform various administrative Actions on a device.


Devices associated with any module requiring the installation of the Coro Agent appear in the devices list, even if no other modules are enabled.

Page filters

Coro offers the following filters on this page:

Filter type Description
Groups Show only devices that match a selected device status or are a part of one or more selected groups (all predefined and custom device labels).

Note: Selecting the predefined label All devices overrides any other selected label.
OS version Show only devices running the selected Operating System type and version.
Coro version Show only devices running the selected Coro Agent version.
Vulnerability Show only devices identified as having an open or closed ticket for one or more of the selected endpoint device vulnerabilities.

To learn more about each vulnerability type, see Ticket types for Endpoint Security and Ticket types for Endpoint Data Governance.

Device actions

Coro provides the following Actions on the currently selected device:


This list varies depending on the state of the device, so not all actions are available for all devices. Where a device is currently offline, a requested action may not take effect until the device reconnects.

Action Description
View details If this device has open tickets logged against it, show the relevant tickets in the Ticket Log.
Disable protection Deactivate Coro protection for this device.

To re-enable protection, navigate to the Activity Log, locate the relevant log entry, and select the Undo link.
Close related tickets Mark all open tickets related to this device as closed and remediated.
Add label Add this device to a label group. For more details, see Device labels.
Reboot device Remotely send a reboot command to the device.
Shut down device Remotely send a shut down command to the device.
Open remote shell Start a command prompt on the device to enable you to run commands remotely.
Remote scan for malware Remotely scan the device's drives for the presence of malware. Coro logs detected malware in the Ticket Log.
Stop remote scan for malware This action is available if remote scan for malware was started and is currently in progress.
Remote scan for sensitive data Remotely scan the device's drives for the presence of sensitive data such as PII (Personally Identifiable Information). For each drive that is scanned, a ticket is created that contains a list of the sensitive files that have been detected. For more details on senstive data, see Regulatory sensitive information types.
Stop remote scan for sensitive data This action is available if remote scan for sensitive data was started and is currently in progress.
Allow no encryption Allow this device to have unencrypted drives without triggering an Unencrypted Endpoint Drive ticket.
Update Agent to latest stable version Remotely update the Coro Agent to the latest stable version for your workspace.
Isolate from network Isolates the selected device from the network. An isolated device cannot communicate with any resource on the network or the internet. The Coro process remains functional in order to communicate with the Coro server.