v3.3 November 3, 2024

Version 3.3, a major release, includes:

• New features
• Enhancements
• Known issues
• Agent updates

Prerequisites

Before using the features and enhancements described below, Coro recommends updating the relevant Coro Agent on your device to the latest version.

New features

This section describes the new features that we are releasing with version 3.3.

1. Coro console
   • Endpoint Security ticket emails
   • Managed Service weekly report
   • Reports
2. Email Security
   • Email warning banners
   • Secure Messages - message expiration period
   • Secure Messages - message forwarding restriction
3. EDR
   • Process allowlisting
   • Enhanced telemetry search
   • New telemetry type - USB device activity (Windows devices only)
4. Connectors
   • Webhooks
   • Zapier integration
   • API - Subscription management
5. Cloud security
   • Active and inactive users
6. Endpoint security
   • Added support for Wi-Fi phishing detection in macOS 14.5 and later
   • Device drive encryption enhancements
   • Quarantine infected containers
7. Network
   • Software updates
   • Virtual Office site-to-site tunnels
   • Secure Web Gateway (SWG) reports

1 - Coro console

The following features have been added to the Coro console:

1.1 - Endpoint Security ticket emails

When specific Endpoint Security tickets are generated, admin users configured to receive notifications are sent an email with ticket details and options to remediate the event directly.

The tickets are:

• Firewall Disabled
• UAC Notification Missing
• Unencrypted Endpoint Drive
• Device Password Missing

For more information, see Endpoint Security ticket types.

1.2 - Managed Service weekly report

Managed Service customers can now choose for their named contacts to receive a summary email containing a report of suspicious activity remediation handled by the Coro Managed Service team. A contact can select to receive an email for each instance as it occurred or a summary report for all activity during the past week.

For more information, see Managing managed service contacts.

1.3 - Reports

The Reports section in the Control Panel now includes the following tabs:

• Reports
• Exports
• Scheduled

In Reports, new reports are available:

• DNS summary : A summary of the DNS activity in a workspace.
• Managed services summary : A summary of the tickets resolved through Coro's managed services team.
• Secure Messages summary : A summary of the secured messages sent by protected users.

In Exports, Coro enables you to export data in CSV format. Select from the following export types:

• Activity log
• Ticket log
• Protected users
• Devices

In Scheduled, Coro enables you to schedule exports every day, week, or month.

For more information, see Viewing reports.

2 - Email Security

The following features have been added to the Email Security module:

2.1 - Email warning banners

Admin users can now choose whether Coro quarantines malicious emails or just warns recipients for each threat type. If a particular threat type is set to warn, malicious emails are delivered to end recipients with a banner or label showing the detected threat.

This functionality was previously available only in the Inbound Gateway add-on. With this release, email warnings are extended to all Email Security customers.

For more information, see Email Security settings.

2.2 - Secure Messages - message expiration period

Encrypted emails received through the Secure Messages add-on can be set to expire after a specified number of days.

For more information, see Secure Messages.

2.3 - Secure Messages - message forwarding restriction

You can now disable message forwarding for encrypted emails received in the Secure Messages portal.

For more information, see Secure Messages.

3 - EDR

The following features have been added to the EDR module:

3.1 - Process allowlisting

User-trusted non-system processes can be allowlisted to avoid triggering tickets and stop collecting related telemetry and process information on the EDR Telemetry page.

For more information, see EDR allowlist and blocklist.

3.2 - Enhanced telemetry search

The EDR Telemetry page search bar now offers the following new features:

• Recall the last five telemetry search entries.
• “AND” operator support which allows users to combine multiple criteria, enabling precise and specific searches.
• Search bar UI improvements.

For more information, see Searching telemetry records.

3.3 - New telemetry type - USB device activity (Windows devices only)

The EDR Telemetry page collects and monitors information related to the following USB device activities on Windows devices:

• USB device connected
• USB device disconnected

Monitoring USB device activity provides insight to support investigations and threat mitigation by identifying potential sources of malware infections. For example, if malware is suspected to have infected a device via a USB drive, this forensic information can assist with incident response and tracing the infection's origin.

For more information, see USB Device Activity.

4 - Connectors

The following features have been added to connectors functionality:

4.1 - Webhooks

Coro now includes webhooks to enable customers to receive data from Coro into another application when a specific event occurs.

For more information, see Creating and managing webhooks.

4.2 - Zapier integration

Coro integrates with Zapier to enable customers to build workflows. The Coro Zapier application can receive usage and billing data from Coro workspaces, allowing customers to transform and transmit data items to external systems.

For more information, see Integrating with Zapier.

4.3 - API - Subscription management

The Coro public API now allows customers to start and stop subscriptions programmatically through calls to the “/subscriptions” endpoint.

For more information, see the Coro developer portal.

5 - Cloud security

The following features have been added to the Cloud Security module:

5.1 - Active and inactive users

Coro now includes better visibility into user inactivity, with indications added to the Protected Users page. A user is considered inactive if they have not signed in to connected cloud applications or generated any loggable activity within 30 days.

For more information, see Adding users and user groups for protection.

6 - Endpoint security

The following features have been added to the Endpoint Security module:

6.1 - Added support for Wi-Fi phishing detection in macOS 14.5 and later

Wi-Fi phishing detection is now supported for devices running macOS 14.5 (Sonoma) and later.

For more information, see Wi-Fi Phishing.

6.2 - Device drive encryption enhancements

Coro now supports the following drive encryption scenarios:

• The Coro Agent collects recovery keys for internal and external Windows drives connected to a protected device with suspended encryption without waiting for a reboot.
• Support is added for internal and external Windows drives previously encrypted with Bitlocker, where the “used space” option was enabled.

For more information, see Encrypting Windows endpoint drives.

6.3 - Quarantine infected containers

The Endpoint Security NGAV settings now include a new Quarantine Infected Containers setting. If the Coro Agent detects a malicious file inside a container (archive) and cannot extract it, Coro can now be configured to quarantine the entire container.

For more information, see Quarantine infected containers.

7 - Network

The following features have been added to the Network module:

7.1 - Software updates

This release includes the latest operating system and VPN security updates.

7.2 - Virtual Office site-to-site tunnels

This release includes various improvements to site-to-site tunnels to improve performance and stability, including UX improvements when creating a new tunnel, generating and copying a pre-shared key, and activity logs.

You can now:

• Enable and disable site-to-site tunnels.
• Add multiple remote subnets.
• See the tunnel state.
• Download the tunnel connection log for debugging purposes.

For more information, see Settings.

7.3 - Secure Web Gateway (SWG) reports

Coro now includes insights into DNS activity. The following metrics are included in the Reports section of the console:

• Total number of DNS queries
• Number of blocked queries
• Top domains
• Top blocked domains

For more information, see Viewing reports.

Enhancements

Version 3.3 introduces the following additional changes:

1. Workspace creation flow
2. IP address ranges in email allowlists and blocklists
3. PSA enabled by default
4. Additional device drive information displayed on the Devices page
5. Refinements to the CSV Import Process for EDR and Endpoint Security allow/block lists
6. Detailed Agent channel names in the Agent Deployment tab

1 - Workspace creation flow

The new workspace dialog flow has been improved and simplified for Managed Service Providers (MSPs) and partners who create workspaces for their customers.

2 - IP address ranges in email allowlists and blocklists

Coro now accepts IP address ranges as input values in the Email Security allowlist and blocklist.

3 - PSA enabled by default

Coro now enables PSA connectors in new channel workspaces by default.

4 - Additional device drive information displayed on the Devices page

Additional device drive information has been added to devices listed on the Devices page including:

• Model
• Friendly name
• Serial key

Supported device drive encryption statuses are:

• Encrypted
• Not Encrypted
• Encryption Failed
• Encryption Suspended
• Encryption In progress

5 - Refinements to the CSV import process for EDR and Endpoint Security allowlists and blocklists

The CSV import file size limit has been increased to 10MB, and the maximum number of entries is now 500.

6 - Detailed Agent channel names in the Agent Deployment tab

The Agent deployment channel name has been updated to reflect the appropriate stage in the Agent's release life cycle, such as Gradual Rollout and General Availability.

Known issues

The following are known issues in this release:

• Due to a recent change in macOS 15, Coro cannot support device posture enforcement for Gatekeeper functionality. Coro now displays a notification banner when adding a Gatekeeper Disabled device policy for macOS 15 devices, warning that only the review option is possible.

Agent updates

This section describes the following additional agent updates that we are releasing with version 3.3:

• macOS agent 3.3
• Windows agent 3.3

Prerequisites

The relevant Agent must be updated on your device before changes take effect. The features described may not function until the updated macOS and Windows Agents are installed. Coro commences the roll-out of Agent updates after the release.

1 - macOS agent 3.3

macOS agent 3.3 includes the following:

1.1 Storage of recovery keys for encrypted internal drives

The Coro Agent can now read recovery keys for encrypted internal device drives and send them to the Coro workspace for storage and retrieval by admin users.

1.2 Coro device ID display

The macOS Agent app now displays the Coro device identifier (previously referred to as the Enrollment code) in the Information tab.

1.3 - Notifications for VPN connection status

Coro can now show the VPN connection status (connected/disconnected) through macOS system notifications.

1.4 - Updated app protection status messaging

The Coro Agent app now displays more useful messages to describe its current state. For example, if user intervention is required to configure system extensions during initial setup, Coro now displays “User action required to proceed”.

1.5 - Show the VPN tab only when the Network module is enabled

The Coro Agent app now shows the VPN tab only when the Network module is enabled in the customer’s workspace. Other tabs remain visible in all cases.

1.6 - Support for macOS 15 (Sequoia)

The Coro Agent is now supported for devices running macOS 15 (Sequoia).

1.7 Bug fixes

General bug fixes were made for this release.

2 - Windows agent 3.3

Windows agent 3.3 includes the following:

2.1 Support for environment variables in allowlists and blocklists

The Windows Agent now supports the inclusion of environment variables for folders and files within the Endpoint Security allowlist and blocklist, such that admin users can specify an environment variable in place of a specified folder or file name to avoid defining large numbers of entries in the Coro console.

2.2 Coro device ID display

The Windows Agent app now displays the Coro device identifier ( previously referred to as the Enrollment code) in the Information tab.

2.3 Scan file by file handle

To improve performance and error handling for on-demand endpoint device malware scans, the Coro Agent can now scan files by file handle rather than by file name.

2.4 - VSS backup enhancements

Coro can identify the process or file responsible for attempting to delete VSS backups. The process name is now displayed in VSS Backup Protection tickets in the Coro console.

2.5 - Start the Agent in safe mode after multiple failed attempts

The Coro Agent starts in “safe mode” after three failed initialization attempts. Safe mode offers basic functionality and networking to facilitate remote log collection and troubleshooting by Coro support teams.

2.6 - Added versioning to policy downloads

Coro now includes versioning in endpoint policy changes to improve efficiency and reduce unnecessary data transfer.

2.7 - Rollback capability added to Windows installer

To improve stability, the Windows version of the Coro Agent now supports roll-back where a failure occurs during installation or uninstallation.

2.8 - Bug fixes

General bug fixes were made for this release.