Device posture configuration overview

Admin users with sufficient permissions can set and manage device posture policies for endpoint devices via the Device Posture page. Coro collects and analyzes data from connected devices to ensure compliance with these policies.

Device posture policies are grouped according to the following device vulnerabilities:

• UAC Notification Missing (Windows)
• Device Password Missing
• Firewall Disabled
• Unencrypted Endpoint Drive
• Development Mode Enabled (Windows)
• Non-genuine Windows Copy (Windows)
• Remote Password & Session Locking
• Wi-Fi Connection
• USB Lockdown
• Gatekeeper Disabled (macOS)
• Apple Mobile File Integrity Disabled (macOS)
• System Integrity Protection Disabled (macOS)

You can apply device posture policies to groups of devices by setting device labels against each policy. Device labels enable you to apply policies to groups of devices sharing the same label. If a device fails to comply with a posture policy, Coro generates an Endpoint Security ticket and initiates the remediation action specified in that policy.

Device posture policies are listed under each vulnerability along with their corresponding device labels and remediation action:

Accessing the Device Posture page

To access the Device Posture page:

1. Sign into the Coro console .
2. Select Control Panel :

   

3. Select Endpoint Security :

   

4. Select the Device Posture tab:

   

Editing an existing policy

To edit an existing device posture policy:

1. Access the Device Posture page .
2. Select the dropdown next to the desired policy group name:

   

3. Select the three-dot menu next to the desired policy:

   

4. Select Edit policy :

   

5. Select the remediation action for the policy:

   

   You can select the following remediation actions, depending on the policy:

   • Review : No auto-remediation is performed, and the ticket is classified as requiring review . The ticket remains open until either an admin user closes it manually or the vulnerability is observed by the Coro endpoint agent as being resolved.
   • Enforce : Auto-remediation is performed, recorded in the ticket, and the ticket is auto-closed.

   note

   After you create a workspace for new customers, Coro sets all Device Posture settings to "Review" by default. This setup enables you to configure your Device Posture settings according to your preferences and security requirements.

   Device Posture settings for existing customers remain unchanged.

6. Select device labels to apply to the policy from the Apply policy to devices with these labels field:

   

7. Select SAVE to apply your changes.

Removing an existing policy

To remove an existing device posture policy:

1. Access the Device Posture page .
2. Select the dropdown next to the desired policy group name:

   

3. Select the three-dot menu next to the desired policy:

   

4. Select Delete policy :

   

   The Delete policy dialog appears.

5. Select CONFIRM :

   

   The device posture policy is removed.