Endpoint Agent
Does the Coro Agent require an internet connection at all times?
The Coro Agent is fully autonomous and does not require connectivity for its operation. Occasional networking is needed to report findings to Coro servers, as well as to get updated on any changes to device posture policy and threats database.
How much disk space is required by the Coro Agent?
Approximately 1.5GB, of which over 1.2GB is devoted to the security knowledge base, which allows the client to operate autonomously.
How much memory does the Coro Agent consume?
The amount of memory consumed under normal conditions is approximately 400MB. During scanning, memory usage is determined by the size of the files to be scanned.
What is Tamper Protection?
Coro Agent Tamper Protection prevents malicious software from terminating or interfering with the Coro Agent, thereby disabling protection. Tamper Protection settings can be found in the Coro Console by navigating to Control Panel > Devices > Settings.
For more information, see Agent settings.
Can I run Windows Defender alongside Coro?
Windows Defender is not required when using Coro. If Windows Defender is running alongside Coro, Enhanced EDR Block Mode must be enabled in the console.
To enable Enhanced EDR Block Mode:
-
Select
Control Panel
from the toolbar:
-
Select
Endpoint Security
:
- Select the NGAV tab.
-
Enable
Enhanced EDR Block Mode
:
Can the Coro Agent be removed from multiple users in bulk?
Yes, this is possible using an external mass deployment tool that can be used to uninstall the Coro Agent from all devices. Tamper Protection must be disabled on all the devices first.
For more information, see Agent settings.
What happens when you remove a user from protection? Does it also remove the Coro Agent from their devices?
No, when a user is removed from protection, only email and cloud apps are no longer protected. The device is not removed, and vulnerabilities are still detected, reported, and remediated. To remove the device, either disable Tamper Protection on the device so that the user can uninstall it or select Disable protection on the device from the Devices view. This prevents the endpoint client from detecting and reporting any device vulnerabilities.
As a ransomware detection and remediation tool, what advantages does Coro have over other traditional Endpoint Detection and Response (EDR) tools?
Unlike traditional EDRs, Coro provides extended protection, including device posture monitoring. Coro can assist in preventing such threats by ensuring users have firewalls installed, passwords set on their devices, and data encryption enabled.
A recent test of the Coro Windows Agent was conducted by SE Labs (https://selabs.uk/) and Coro received an overall score of 97%, giving it an AAA rating.
Can an endpoint device be connected to more than one workspace?
No, a device can only be linked to a single workspace. The installation process will fail if you attempt to install an agent from a different workspace on a device that already has Coro installed.
What is the average size of a definition/signature update received by the Coro Agent from the Bitdefender servers?
On average the Bitdefender engine downloads 60-70 MB a day.
Can the Coro Agent be uninstalled through the Coro Console?
No, currently, the Coro Agent cannot be uninstalled through the Coro Console. The user can uninstall the Coro Agent only after Tamper Protection has been disabled for the device from the console by an admin user.
For more information, see Agent settings.
When a client approves a file via the Coro Agent that's flagged as malware, does it apply to all endpoint devices?
The file is approved for all devices within the same workspace.
I am attempting to configure two-factor authentication (2FA), but I am not prompted to sign in with 2FA the next time I login to Coro.
You can only use 2FA if you log in with a username and password. Social logins (Microsoft 365 or Google Workspace) do not require the use of 2FA. The user's 2FA can be disabled in the Admin Users section of the Control Panel. 2FA can only be configured for social accounts directly from your Google or Microsoft account.
for more information, see Two-factor authentication (2FA).
How do I uninstall the Coro Agent from my device?
To uninstall the Coro Agent from a device, an admin user needs to first disable Tamper Protection (Control Panel > Devices > Settings) on the device. After Tamper Protection is disabled, the Coro Agent can be uninstalled from the device.
for more information, see Uninstalling the endpoint agent.
Can an admin user remotely remove the Coro Agent from a device?
No, the Coro Agent cannot be removed remotely. Device protection must be disabled from the console:
- Go to Control Panel > Devices > Settings .
- Disable Tamper Protection .
After Tamper Protection is disabled, uninstall the Coro Agent from the device.
For more information, see Agent settings.
What port number does the Coro Agent use?
Coro uses port 443. Non-standard ports are not supported.
What are the minimum versions of iOS and Android supported by Coro?
iOS 15+ and Android 9+ are the minimum versions of iOS and Android supported by Coro respectively.
What is Visibility Mode?
When Visibility Mode is enabled (Control Panel > Devices > Settings), the Coro Agent generates events and sends notifications to end users, but no automatic remediation (such as quarantine or process kill) is performed.
What should I do if my existing antivirus on the device is preventing the installation of Coro?
If you already have another antivirus running on our device, you can pause the antivirus protection for a few minutes while you install the Coro Agent.
For more information, see:
Is there a way to see when Coro Agent updates occur from the console?
Yes, you can see the available Coro Agent versions from the Devices section of the Control Panel.
For further information, see Agent deployment.
How does Coro manage the transition to a new version of the agent, and does this process involve any system downtime?
When updating to a new agent version, the old version is uninstalled and the new version is installed. There is a service interruption for a few minutes as this occurs.
How do I disconnect an endpoint device from an expired trial workspace?
You can uninstall the Coro Agent from a device once your workspace trial expires. When a workspace transitions to an inactive state after a trial period, tamper protection is automatically disabled, allowing for uninstallation of the Coro Agent from protected devices.
How does Coro handle updating the Agent to the most stable release?
Coro utilizes a standard external installer to manage updates for the Agent. This process involves uninstalling the old version of the Agent and then selecting and installing the most recent stable release. During this update, there is a brief interruption to the Coro service.
Can I assign device posture policies to a group of users or devices during a mass Agent deployment?
No, you cannot assign device posture policies during the mass installation of the Coro agent. You must configure device posture policies from the Coro console after deploying the agent.
Is there any way to mute the Coro Agent notifications on an endpoint device?
While you cannot directly mute notifications from the Coro agent, you can adjust Coro notification settings from your Windows 10 or later, or macOS device:
To adjust Coro notification settings from a Windows 10 or later device:
- From the Windows desktop, select Start .
- Select Settings > System .
- Select Notifications & actions from the sidebar.
- Scroll to the Get notifications from these senders section.
- Select the Coro Endpoint Protection application, and then customize your notification preferences.
To adjust Coro notification settings from a macOS device:
- Go to System Settings .
- Select Notifications .
- Select the Coro Endpoint Protection application, and then customize your notification preferences.
Can I install the Coro Agent on a device that is running Bitdefender?
The Coro service utilizes a Bitdefender Software Development Kit (SDK). To avoid conflicts that may interfere with the installation of the Coro Agent, Bitdefender and any other antivirus software must be uninstalled prior to installing the Coro Agent.
How do I verify that the Coro Agent is registered as an authorized Windows Security Center (WSC) provider?
Run the following powershell command to verify that the Coro Agent is registered as an authorized WSC provider:
Get-WmiObject -Namespace "root\SecurityCenter2" -Class "AntiVirusProduct"
Important
To register Coro as an authorized WSC provider, your device must have:
- Coro Agent v3.2 (beta 2.5.65.1) or later installed.
- Windows 10 or later installed.
For more information, see Downloading and installing the Agent.