v3.1 February 11, 2024
Version 3.1, a major release, includes:
Prerequisites
Before you can use the features and enhancements described below, you must update the relevant agent on your device. macOS/Windows agents 3.1 will be available on February 18, 2024.
New features
This section describes the add-ons and other new features that we are releasing with version 3.1.
1 - Coro console
The following features have been added to the Coro console:
1.1 - Multi-region deployment
Coro now offers organizations the option to establish workspaces and store data in Canadian and German data centers, alongside existing US centers. This capability is essential for organizations in Canada and Europe who need to keep data within their operational region to meet local regulatory requirements.
The console for each region has a unique URL:
- US: https://secure.coro.net
- Canada: https://secure-ca.coro.net
- Germany: https://secure-eu.coro.net
Important
Organizations that connected a Google Workspace service to the Canada or Germany regions during the beta testing phase must disconnect and reconnect your Google Workspace account. Contact your support representative for more details.
For further information, see Coro architecture.
1.2 - Summary reports
An executive summary report is now available for each workspace. It offers a detailed overview of the security status and activities within a workspace, featuring a dynamic structure that adapts to the specific modules enabled in the workspace and the tickets generated within the selected reporting period. The report is divided into several key sections, including:
- A general overview highlighting protected users, devices covered, and generated tickets
- The top vulnerabilities for the workspace
- Tickets and top vulnerabilities for each module
For further information, see Summary reports.
1.3 - Archive workspaces
MSPs can now archive inactive child workspaces, and Coro admins can archive inactive child and regular workspaces. When a workspace is archived, any cloud applications are disconnected and Inbound Gateway and Network settings are cleared.
For further information, see Archive workspaces.
2 - Endpoint Security
The following features have been added to the Endpoint Security module:
2.1 - macOS device USB lockdown
USB drives on macOS devices can now be blocked. The USB Lockdown device policy allows admin users to block mass storage devices such as USB flash drives and USB hard drives.
For further information, see USB lockdown.
2.2 - macOS device tamper protection
Tamper protection is now supported on macOS devices.
For further information, See Tamper protection.
3 - Email Security
The following features have been added to the Email Security module:
3.1 - Inbound Gateway
Coro’s Inbound Gateway add-on extends the anti-malware and anti-phishing protection offered by the Email Security module. It offers a full email proxy gateway solution that intercepts all inbound emails destined for your user’s accounts before malicious content can enter the organization's network.
For further information, see Inbound Gateway.
4 - EDR
The following features have been added to the EDR module:
4.1 - Detections
Coro EDR now detects and creates tickets based on malicious process detection rules.
For further information, see Ticket types for EDR.
4.2 - Allow/Block list CSV imports
Coro EDR can now import file, folder, and process records from a list contained in a CSV file.
For further information, see Block processes.
5 - Network
The following features have been added to the Network module:
5.1 - Encryption strength
The Coro VPN now offers two encryption strengths:
- AES-128: faster, enterprise-grade security
- AES-256: slower, military-grade security
By default, a virtual office has an encryption strength of AES-128.
For further information, see Change the encryption strength.
6 - MDM
The following features have been added to the MDM module:
6.1 - Rich application search
Admin users can now add applications to a device policy from the Coro console based on the app name.
6.2 - Disenroll a device
Admin users can now mark a device as disenrolled from the Coro console. The device remains visible in the Devices list, but is no longer accessible or managed by Coro MDM.
6.3 - Remove a device
Admin users can now permanently remove a disenrolled device from Coro MDM.
7 - Connectors
The following features have been added to the Connectors section of the console:
7.1 - ConnectWise integration
Coro now supports ConnectWise PSA integration. ConnectWise is used to map services (Coro modules and add-ons) and companies (managed workspaces) via a PSA connector in order to report workspace usage data.
For further information, see ConnectWise integration.
Enhancements
Version 3.1 introduces the following additional changes:
- Content inspection permissions
- EDR Base64 decoded command line support
- Protection against disabling the Windows Event Log
- EDR data protection
- Accuracy of IP geolocation
- Export admin user notifications
1 - Content inspection permissions
When content inspection is enabled, admin users can view sensitive data in the email content and findings sections of tickets related to User Data Governance. Sensitive data is data considered private or protected by law, policy, or contractual obligation.
When disabled, these sections display a message stating "Access to sensitive data is restricted" if they contain sensitive data.
2 - EDR Base64 decoded command line support
Coro EDR now automatically decodes base64-encoded command lines displayed on the Telemetry page, rendering them understandable for admin users.
3 - Protection against disabling the Windows Event Log
For Windows devices, when Tamper Protection is enabled, Coro EDR now safeguards against malicious attempts to disable the Windows Event Viewer, which is critical for gathering Windows event log EDR telemetry data.
4 - EDR data protection
If a device loses network connectivity or the Coro agent is inactive, Coro EDR now preserves your telemetry and process data. This saved data becomes accessible once the device re-establishes connection or the Coro Agent resumes operation.
5 - Accuracy of IP geolocation
The accuracy of IP geolocation has been improved for Access Permission and Suspected Identity Compromise tickets.
6 - Export admin user notifications
MSPs can now export the notification settings of their admin users to a CSV file. Each admin user sets their notifications from My Account -> Notifications.
Fixed items
- Files with a comma in the file name sent through Secure Messages were not able to be downloaded. These files can now be downloaded.
- When some special characters were entered in the search bar, an error message was received. Special characters can now be used without receiving errors.
Agent updates
This section describes the following additional agent updates that we are releasing with version 3.1:
Prerequisites
The relevant agent must be updated on your device before changes take effect. The features described will not function until the updated macOS and Windows agents are installed. These are available on February 18, 2024.
1 - macOS agent 3.1
macOS agent 3.1 releases February 18, 2024, and includes the following:
1.1 Mass storage lockdown
For further information, see macOS device USB lockdown.
1.2 Tamper protection
For further information, see Tamper protection.
1.3 - Bug fixes
General bug fixes were made for this release.
2 - Windows agent 3.1
Windows agent 3.1 releases February 18, 2024, and includes the following:
2.1 - Protect from disabling the Windows Event Log
For further information, see Protection against disabling the Windows Event Log.
2.2 - Protect EDR data from network loss
For further information, see EDR data safeguarding.
2.3 - Improved scan mode detections
Improved detection scanning.
2.4 - Bug fixes
General bug fixes were made for this release.