Does Coro Endpoint Detection and Response (EDR) detect potentially malicious services running on devices?

Yes, the Coro EDR Allow/Block lists enable you to block the execution of unsafe processes. Blocking the execution of unauthorized or suspicious processes can help stop malware and other malicious software from running on the device.

For more information, see EDR Block/Allow Lists.

Can Coro Endpoint Detection and Response (EDR) block certain applications on devices?

Yes, the Coro EDR Allow/Block lists enable you to block the execution of applications.

For more information, see EDR Block/Allow Lists.

How does Coro Endpoint Detection and Response (EDR) isolate an infected device from a network?

When Coro isolates a device affected by a malicious process from the network, the device cannot communicate with any network or internet resource. However, the Coro process stays active, allowing the device to maintain communication with the Coro server for diagnostic purposes.

For more information, see EDR processes.

Does Coro Endpoint Detection and Response (EDR) provide the ability to disconnect/isolate a device from all internet activity and log in to the device using remote monitoring and management (RMM) software in order to diagnose?

Yes, selecting Isolate from network for a device on the Devices list isolates the device from networking, after which it is only able to connect to the Coro Agent. After a device is isolated, a Coro admin can select Open remote shell to access a command prompt on the device, which allows remote command execution.

For more information, see Device actions.


The EDR module is required to perform the device actions discussed.

Why can I not add allowed processes to the Endpoint Detection and Response (EDR) Allow/Block list?

Coro EDR is designed to identify malicious processes that remain undetected by the endpoint protection platform (EPP). After these malicious processes are identified, they are relayed to the EPP and subsequently blocked. Adding processes to the Allow list contradicts the objective of detecting and blocking malicious processes.

Is it possible to purchase Coro Endpoint Detection and Response (EDR) without the Endpoint Security module?

While it is possible to purchase each of the modules separately, purchasing the two modules together provides more comprehensive protection for endpoints.

What services, add-ons, and modules are dependent on purchasing Coro Endpoint Detection and Response (EDR)?

Although Coro EDR is user-friendly, effective operation demands a basic understanding of security principles. If you do not have a dedicated security team, consider opting for Coro’s Managed Endpoint Detection and Response (MDR) service. For more information, go to https://www.coro.net/endpoint-protection/mdr.

MDR is ideal for smaller IT teams, enhancing your security posture by integrating Coro's technology with the knowledge of our specialized security experts.

What services, add-ons, and modules is Coro Endpoint Detection and Response (EDR) dependent on?

Coro EDR can be purchased as a standalone module and does not depend on other services or modules to operate.

When purchased together with the Endpoint Security module, it enhances your security posture by providing another layer of security to your endpoints.


The Coro Agent is required for Coro EDR to function.

Does Coro Endpoint Detection and Response (EDR) have a threat hunting feature?

Threat hunting serves as an operational practice rather than just a cybersecurity feature. Many security solutions encompass some form of "threat hunting," yet the key aspect lies in utilizing the data derived from these efforts after threats are discovered. Effectively leveraging this data demands analytical expertise and specialized security knowledge.

Coro EDR is a specialized tool designed to streamline and simplify the investigative and analytical processes that are crucial for detecting threats. It improves the efficiency of threat detection by enabling a more comprehensive approach to handling threat-related data.

What is the difference between Coro Endpoint Detection and Response (EDR) and Coro Endpoint Security modules?

Coro's EDR module differs from the Endpoint Security module in terms of primary focus and functionality. The Coro Endpoint Security module secures connected endpoints by identifying and rectifying configuration and policy weaknesses that can expose the system to potential attacks, while also emphasizing governance and policy implementation. The Coro Endpoint Security module uses traditional next-generation anti-virus measures to defend against known malware threats.

In contrast, the Coro EDR module swiftly identifies malicious activities and provides immediate actionable strategies to contain security incidents, minimizing potential damage.

What are the key features of Coro Endpoint Detection and Response (EDR)?

Coro EDR offers the following key features:

  • Unified Endpoint Security: Simplify endpoint security management with a single agent catering to all endpoint-related services.
  • Immediate Remote Remediation: Remotely perform immediate actions within the platform to contain security incidents and prevent further damage.
  • Process Blocking and Management: Admin users can proactively add suspected processes to the Block list to prevent them from running in the future.
  • Comprehensive Data Insights: Comprehensive and detailed data in an easily navigable format, enabling informed decision-making and understanding.

Is Coro Endpoint Detection and Response (EDR) compatible with multiple operating systems?

Coro EDR is compatible with Microsoft Windows, Microsoft Windows Server, and macOS.

How scalable is Coro Endpoint Detection and Response (EDR)?

Coro EDR functions discreetly in the background, minimizing its footprint and evading detection. Coro EDR seamlessly supports multiple connected endpoint devices, ensuring minimal disruption to productivity or performance.

Does Coro Endpoint Detection and Response (EDR) aggregate data from multiple endpoints to enhance contextual analysis?

Yes, Coro EDR correlates process and telemetry data across multiple endpoints for enhanced contextual understanding in order to improve threat assessment and detection.

How does Coro Endpoint Detection and Response (EDR) align with compliance standards?

Coro EDR adheres to major compliance standards, including HIPAA, SOX, ISO, GLBA, and FISMA.

For a full list of compliance standards, see Regulatory compliance.

When are Endpoint Detection and Response (EDR) tickets closed?

To help avoid an unnecessary overload of tickets, Coro automatically closes all EDR-related tickets after 48 hours. However, if the same or other related processes continue to execute, additional tickets will still be opened. Tickets can also be manually closed once the necessary actions have been completed.

Can I bulk import both allowed and blocked process records using a CSV file?

You can bulk import blocked process records to the EDR Block list using a CSV file.

Why does telemetry data only show for certain processes?

When a process interacts with a telemetry source monitored by Coro Endpoint Detection and Response (EDR), the associated telemetry information of that process is available on the Telemetry page (Control Panel > EDR > Telemetry).

Does Coro Endpoint Detection and Response (EDR) perform automatic threat mitigation?

No, Coro EDR focuses on detecting and responding to potential threats rather than automatically mitigating them. EDR solutions, such as Coro EDR, are designed to provide visibility into endpoint activities, allowing admin users with sufficient permissions to investigate and take action.