v3.1 February 11, 2024

Version 3.1, a major release, includes:


Before you can use the features and enhancements described below, you must update the relevant agent on your device. macOS/Windows agents 3.1 will be available on February 18, 2024.

New features

This section describes the add-ons and other new features that we are releasing with version 3.1.

  1. Coro console
  2. Endpoint Security
  3. Email Security
  4. EDR
  5. Network
  6. MDM
  7. Connectors

1 - Coro console

The following features have been added to the Coro console:

1.1 - Multi-region deployment

Coro now offers organizations the option to establish workspaces and store data in Canadian and German data centers, alongside existing US centers. This capability is essential for organizations in Canada and Europe who need to keep data within their operational region to meet local regulatory requirements.

The console for each region has a unique URL:


Organizations that connected a Google Workspace service to the Canada or Germany regions during the beta testing phase must disconnect and reconnect your Google Workspace account. Contact your support representative for more details.

For further information, see Coro architecture.

1.2 - Summary reports

An executive summary report is now available for each workspace. It offers a detailed overview of the security status and activities within a workspace, featuring a dynamic structure that adapts to the specific modules enabled in the workspace and the tickets generated within the selected reporting period. The report is divided into several key sections, including:

  • A general overview highlighting protected users, devices covered, and generated tickets
  • The top vulnerabilities for the workspace
  • Tickets and top vulnerabilities for each module

For further information, see Summary reports.

1.3 - Archive workspaces

MSPs can now archive inactive child workspaces, and Coro admins can archive inactive child and regular workspaces. When a workspace is archived, any cloud applications are disconnected and Inbound Gateway and Network settings are cleared.

For further information, see Archive workspaces.

2 - Endpoint Security

The following features have been added to the Endpoint Security module:

2.1 - macOS device USB lockdown

USB drives on macOS devices can now be blocked. The USB Lockdown device policy allows admin users to block mass storage devices such as USB flash drives and USB hard drives.

For further information, see USB lockdown.

2.2 - macOS device tamper protection

Tamper protection is now supported on macOS devices.

For further information, See Tamper protection.

3 - Email Security

The following features have been added to the Email Security module:

3.1 - Inbound Gateway [Beta]

Coro’s Inbound Gateway add-on extends the anti-malware and anti-phishing protection offered by the Email Security module. It offers a full email proxy gateway solution that intercepts all inbound emails destined for your user’s accounts before malicious content can enter the organization's network.

For further information, see Inbound Gateway.

4 - EDR

The following features have been added to the EDR module:

4.1 - Detections

Coro EDR now detects and creates tickets based on malicious process detection rules.

For further information, see Ticket types for EDR.

4.2 - Allow/Block list CSV imports

Coro EDR can now import file, folder, and process records from a list contained in a CSV file.

For further information, see Block processes.

5 - Network

The following features have been added to the Network module:

5.1 - Encryption strength

The Coro VPN now offers two encryption strengths:

  • AES-128: faster, enterprise-grade security
  • AES-256: slower, military-grade security

By default, a virtual office has an encryption strength of AES-128.

For further information, see Change the encryption strength.

6 - MDM

The following features have been added to the MDM module:

6.1 - Rich application search

Admin users can now add applications to a device policy from the Coro console based on the app name.

6.2 - Disenroll a device

Admin users can now mark a device as disenrolled from the Coro console. The device remains visible in the Devices list, but is no longer accessible or managed by Coro MDM.

6.3 - Remove a device

Admin users can now permanently remove a disenrolled device from Coro MDM.

7 - Connectors

The following features have been added to the Connectors section of the console:

7.1 - ConnectWise integration

Coro now supports ConnectWise PSA integration. ConnectWise is used to map services (Coro modules and add-ons) and companies (managed workspaces) via a PSA connector in order to report workspace usage data.

For further information, see ConnectWise integration.


Version 3.1 introduces the following additional changes:

  1. Content inspection permissions
  2. EDR Base64 decoded command line support
  3. Protection against disabling the Windows Event Log
  4. EDR data protection
  5. Accuracy of IP geolocation
  6. Export admin user notifications

1 - Content inspection permissions

When content inspection is enabled, admin users can view sensitive data in the email content and findings sections of tickets related to User Data Governance. Sensitive data is data considered private or protected by law, policy, or contractual obligation.

When disabled, these sections display a message stating "Access to sensitive data is restricted" if they contain sensitive data.

2 - EDR Base64 decoded command line support

Coro EDR now automatically decodes base64-encoded command lines displayed on the Telemetry page, rendering them understandable for admin users.

3 - Protection against disabling the Windows Event Log

For Windows devices, when Tamper Protection is enabled, Coro EDR now safeguards against malicious attempts to disable the Windows Event Viewer, which is critical for gathering Windows event log EDR telemetry data.

4 - EDR data protection

If a device loses network connectivity or the Coro agent is inactive, Coro EDR now preserves your telemetry and process data. This saved data becomes accessible once the device re-establishes connection or the Coro Agent resumes operation.

5 - Accuracy of IP geolocation

The accuracy of IP geolocation has been improved for Access Permission and Suspected Identity Compromise tickets.

6 - Export admin user notifications

MSPs can now export the notification settings of their admin users to a CSV file. Each admin user sets their notifications from My Account -> Notifications.

Fixed items

  • Files with a comma in the file name sent through Secure Messages were not able to be downloaded. These files can now be downloaded.
  • When some special characters were entered in the search bar, an error message was received. Special characters can now be used without receiving errors.

Agent updates

This section describes the following additional agent updates that we are releasing with version 3.1:


The relevant agent must be updated on your device before changes take effect. The features described will not function until the updated macOS and Windows agents are installed. These are available on February 18, 2024.

1 - macOS agent 3.1

macOS agent 3.1 releases February 18, 2024, and includes the following:

1.1 Mass storage lockdown

For further information, see macOS device USB lockdown.

1.2 Tamper protection

For further information, see Tamper protection.

1.3 - Bug fixes

General bug fixes were made for this release.

2 - Windows agent 3.1

Windows agent 3.1 releases February 18, 2024, and includes the following:

2.1 - Protect from disabling the Windows Event Log

For further information, see Protection against disabling the Windows Event Log.

2.2 - Protect EDR data from network loss

For further information, see EDR data safeguarding.

2.3 - Improved scan mode detections

Improved detection scanning.

2.4 - Bug fixes

General bug fixes were made for this release.