Next Generation Anti Virus (NGAV) settings¶

The NGAV tab is used to configure settings for device monitoring using the Coro Agent. These settings apply to all devices in the workspace.

Advanced Threat Control¶

When enabled, Coro monitors active processes for known and potential threats, and blocks processes that exhibit suspicious behavior.

You can enable a blocked process to run on a device from the respective Infected Process ticket using the Approve process group action:

To learn more, see Infected process.

Secured Shadow Backups¶

When enabled, Coro enforces backup snapshots every four hours and blocks processes that exhibit risks to the backup. the Coro Agent utilizes the Windows VSS (Volume Shadow Copy Service) mechanism to automatically save a snapshot of your device's files. Ransomware attacks typically corrupt or encrypt local files, therefore taking frequent backups of your files is essential to allow quick recovery and minimize business impact.

To learn more, see Using VSS backup protection on your Windows endpoints.

Enhanced EDR block mode¶

When Coro Endpoint Protection is used side-by-side with Windows Defender Antivirus, Coro provides added endpoint detection and response (EDR) from potential threats. Enhanced EDR block mode enforces this added protection by ensuring access to timely data that may otherwise be suppressed by the environment.

Enable an initial malware and ransomware scan¶

When enabled, a malware scan of the device is performed upon initial installation of the Coro Agent. Deeper scans can be initiated remotely at any time.

To learn more, see Endpoint Security ticket types.