Endpoint Agent
Does the Coro Agent require an internet connection at all times?
The Coro Agent is fully autonomous and does not require connectivity for its operation. Occasional networking is needed to report findings to Coro servers, as well as to get updated on any changes to device posture policy and threats database.
How much disk space is required by the Coro Agent?
Approximately 1.5GB, of which over 1.2GB is devoted to the security knowledge base, which allows the client to operate autonomously.
How much memory does the Coro Agent consume?
The amount of memory consumed under normal conditions is approximately 400MB. During scanning, memory usage is determined by the size of the files to be scanned.
What is tamper protection?
Tamper protection prevents malicious software from terminating or interfering with the Coro Agent, thereby disabling protection.
Can I run Windows Defender alongside Coro?
Coro advises against running another antivirus (AV) product alongside the Coro Agent. Upon installation, Coro registers as the primary AV software for the device and is listed as an authorized provider in Windows Security Center (WSC). This automatically disables Windows Defender.
For more information, see Running other antivirus software with Coro.
Can the Coro Agent be removed from multiple users in bulk?
Yes, you can use an external mass deployment tool to uninstall the Coro Agent from multiple devices simultaneously. Allow agent uninstallation must be enabled in the workspace of the affected devices first.
For more information, see Agent settings.
What happens when you remove a user from protection? Does it also remove the Coro Agent from their devices?
No, when a user is removed from protection, only email and cloud apps are no longer protected. The device is not removed, and vulnerabilities are still detected, reported, and remediated. To remove the device, either enable Allow agent uninstallation in the workspace of the device so that the user can uninstall it, or select Disable protection on the device from the Devices view. This prevents the endpoint client from detecting and reporting any device vulnerabilities.
As a ransomware detection and remediation tool, what advantages does Coro have over other traditional Endpoint Detection and Response (EDR) tools?
Coro offers advantages over traditional antivirus (AV) software products by providing advanced protection features, such as device posture monitoring. It ensures critical security measures are in place, including firewalls, password-protected devices, and data encryption, to help detect and remediate ransomware threats.
A recent test of the Coro Windows Agent was conducted by SE Labs (https://selabs.uk/) and Coro received an overall score of 97%, giving it an AAA rating.
Can an endpoint device be connected to more than one workspace?
No, a device can only be linked to a single workspace. The installation process will fail if you attempt to install an agent from a different workspace on a device that already has Coro installed.
What is the average size of a definition/signature update received by the Coro Agent from the Bitdefender servers?
On average the Bitdefender engine downloads 60-70 MB a day.
Can the Coro Agent be uninstalled through the Coro Console?
No, currently, the Coro Agent cannot be uninstalled through the Coro console.
Important
Admin users must enable Allow agent uninstallation in the workspace of the affected device before the user can uninstall the Coro Agent.
For more information, see Agent settings.
When a client approves a file via the Coro Agent that's flagged as malware, does it apply to all endpoint devices?
The file is approved for all devices within the same workspace.
I am attempting to configure two-factor authentication (2FA), but I am not prompted to sign in with 2FA the next time I login to Coro.
You can only use 2FA if you log in with a username and password. Social logins (Microsoft 365 or Google Workspace) do not require the use of 2FA. The user's 2FA can be disabled in the Admin Users section of the Control Panel. 2FA can only be configured for social accounts directly from your Google or Microsoft account.
for more information, see Two-factor authentication (2FA).
How do I uninstall the Coro Agent from my device?
To uninstall the Coro Agent from a device, an admin user must first enable Allow agent uninstallation from the workspace of the affected device. After enabling Allow agent uninstallation, users can uninstall the Coro Agent from their device.
For more information, see Uninstalling the endpoint agent.
Can an admin user remotely remove the Coro Agent from a device?
Yes, an admin user can remotely remove the Coro Agent from a device using supported remote monitoring and management (RMM) tools. These include, but are not limited to, Atera, Windows Server GPO, JAMF Pro, and JumpCloud.
What port number does the Coro Agent use?
Coro uses port 443. Non-standard ports are not supported.
What are the minimum versions of iOS and Android supported by Coro?
iOS 15+ and Android 9+ are the minimum versions of iOS and Android supported by Coro respectively.
What is Visibility Mode?
When Visibility Mode is enabled (Control Panel > Devices > Settings), the Coro Agent generates events and sends notifications to end users, but no automatic remediation (such as quarantine or process kill) is performed.
What should I do if my existing antivirus on the device is preventing the installation of Coro?
If you already have another antivirus (AV) software running on a device, pause the AV protection for a few minutes while you install the Coro Agent.
Important
Coro advises against running another AV product alongside the Coro Agent. For more information, see Running other antivirus software with Coro.
For more information, see:
Is there a way to see when Coro Agent updates occur from the console?
Yes, you can see the available Coro Agent versions from the Devices section of the Control Panel.
For further information, see Agent deployment.
How does Coro manage the transition to a new version of the agent, and does this process involve any system downtime?
When updating to a new agent version, the old version is uninstalled and the new version is installed. There is a service interruption for a few minutes as this occurs.
How do I disconnect an endpoint device from an expired trial workspace?
When a workspace transitions to an inactive state after a trial period, Coro enables Allow agent uninstallation, which allows you to uninstall the Coro Agent from protected devices within the workspace.
note
Allow agent uninstallation is by default disabled when the status of the workspace is not inactive.
For more information, see: Uninstalling the Coro Agent.
How does Coro handle updating the Agent to the most stable release?
Coro utilizes a standard external installer to manage updates for the Agent. This process involves uninstalling the old version of the Agent and then selecting and installing the most recent stable release. During this update, there is a brief interruption to the Coro service.
Can I assign device posture policies to a group of users or devices during a mass Agent deployment?
No, you cannot assign device posture policies during the mass installation of the Coro agent. You must configure device posture policies from the Coro console after deploying the agent.
Is there any way to mute the Coro Agent notifications on an endpoint device?
While you cannot directly mute notifications from the Coro agent, you can adjust Coro notification settings from your Windows 10 or later, or macOS device:
To adjust Coro notification settings from a Windows 10 or later device:
- From the Windows desktop, select Start .
- Select Settings > System .
- Select Notifications & actions from the sidebar.
- Scroll to the Get notifications from these senders section.
- Select the Coro Endpoint Protection application, and then customize your notification preferences.
To adjust Coro notification settings from a macOS device:
- Go to System Settings .
- Select Notifications .
- Select the Coro Endpoint Protection application, and then customize your notification preferences.
Can I install the Coro Agent on a device that is running Bitdefender?
The Coro service utilizes a Bitdefender Software Development Kit (SDK). To avoid conflicts that may interfere with the installation of the Coro Agent, Coro recommends uninstalling Bitdefender and any other antivirus (AV) software prior to installing the Coro Agent. For more details, see Running other antivirus software with Coro.
How do I verify that the Coro Agent is registered as an authorized Windows Security Center (WSC) provider?
Run the following powershell command to verify that the Coro Agent is registered as an authorized WSC provider:
Get-WmiObject -Namespace "root\SecurityCenter2" -Class "AntiVirusProduct"Important
To register Coro as an authorized WSC provider, your device must have:
- Coro Agent v3.2 (beta 2.5.65.1) or later installed.
- Windows 10 or later installed.
For more information, see Downloading and installing the Agent.
What determines the language of the Coro Agent user interface (UI)?
The language of the Coro Agent UI is determined by the operating system's language on the device where it is installed.
The Coro Agent UI supports the following languages:
- English
- Spanish (Spain)
- Italian (Italy)