Version 3.3, a major release, includes:
Before using the features and enhancements described below, Coro recommends updating the relevant Coro Agent on your device to the latest version.
This section describes the new features that we are releasing with version 3.3.
The following features have been added to the Coro console:
When specific Endpoint Security tickets are generated, admin users configured to receive notifications are sent an email with ticket details and options to remediate the event directly.
The tickets are:
- Firewall Disabled
- UAC Notification Missing
- Unencrypted Endpoint Drive
- Device Password Missing
For more information, see Endpoint Security ticket types.
Managed Service customers can now choose for their named contacts to receive a summary email containing a report of suspicious activity remediation handled by the Coro Managed Service team. A contact can select to receive an email for each instance as it occurred or a summary report for all activity during the past week.
For more information, see Managing managed service contacts.
The Reports section in the Control Panel now includes the following tabs:
- Reports
- Exports
- Scheduled
In Reports, new reports are available:
- DNS summary: A summary of the DNS activity in a workspace.
- Managed services summary: A summary of the tickets resolved through Coro's managed services team.
- Secure Messages summary: A summary of the secured messages sent by protected users.
In Exports, Coro enables you to export data in CSV format. Select from the following export types:
- Activity log
- Ticket log
- Protected users
- Devices
In Scheduled, Coro enables you to schedule exports every day, week, or month.
For more information, see Viewing reports.
The following features have been added to the Email Security module:
Admin users can now choose whether Coro quarantines malicious emails or just warns recipients for each threat type. If a particular threat type is set to warn, malicious emails are delivered to end recipients with a banner or label showing the detected threat.
This functionality was previously available only in the Inbound Gateway add-on. With this release, email warnings are extended to all Email Security customers.
For more information, see Email Security settings.
Encrypted emails received through the Secure Messages add-on can be set to expire after a specified number of days.
For more information, see Secure Messages.
You can now disable message forwarding for encrypted emails received in the Secure Messages portal.
For more information, see Secure Messages.
The following features have been added to the EDR module:
User-trusted non-system processes can be allowlisted to avoid triggering tickets and stop collecting related telemetry and process information on the EDR Telemetry page.
For more information, see EDR allowlist and blocklist.
The EDR Telemetry page search bar now offers the following new features:
- Recall the last five telemetry search entries.
- “AND” operator support which allows users to combine multiple criteria, enabling precise and specific searches.
- Search bar UI improvements.
For more information, see Searching telemetry records.
The EDR Telemetry page collects and monitors information related to the following USB device activities on Windows devices:
- USB device connected
- USB device disconnected
Monitoring USB device activity provides insight to support investigations and threat mitigation by identifying potential sources of malware infections. For example, if malware is suspected to have infected a device via a USB drive, this forensic information can assist with incident response and tracing the infection's origin.
For more information, see USB Device Activity.
The following features have been added to connectors functionality:
Coro now includes webhooks to enable customers to receive data from Coro into another application when a specific event occurs.
For more information, see Creating and managing webhooks.
Coro integrates with Zapier to enable customers to build workflows. The Coro Zapier application can receive usage and billing data from Coro workspaces, allowing customers to transform and transmit data items to external systems.
For more information, see Integrating with Zapier.
The Coro public API now allows customers to start and stop subscriptions programmatically through calls to the “/subscriptions” endpoint.
For more information, see the Coro public API.
The following features have been added to the Cloud Security module:
Coro now includes better visibility into user inactivity, with indications added to the Protected Users page. A user is considered inactive if they have not signed in to connected cloud applications or generated any loggable activity within 30 days.
For more information, see Adding users and user groups for protection.
The following features have been added to the Endpoint Security module:
Wi-Fi phishing detection is now supported for devices running macOS 14.5 (Sonoma) and later.
For more information, see Wi-Fi Phishing.
Coro now supports the following drive encryption scenarios:
- The Coro Agent collects recovery keys for internal and external Windows drives connected to a protected device with suspended encryption without waiting for a reboot.
- Support is added for internal and external Windows drives previously encrypted with Bitlocker, where the “used space” option was enabled.
For more information, see Encrypting endpoint device drives.
The Endpoint Security NGAV settings now include a new Quarantine Infected Containers setting. If the Coro Agent detects a malicious file inside a container (archive) and cannot extract it, Coro can now be configured to quarantine the entire container.
For more information, see Quarantine infected containers.
The following features have been added to the Network module:
This release includes the latest operating system and VPN security updates.
This release includes various improvements to site-to-site tunnels to improve performance and stability, including UX improvements when creating a new tunnel, generating and copying a pre-shared key, and activity logs.
You can now:
- Enable and disable site-to-site tunnels.
- Add multiple remote subnets.
- See the tunnel state.
- Download the tunnel connection log for debugging purposes.
For more information, see Settings.
Coro now includes insights into DNS activity. The following metrics are included in the Reports section of the console:
- Total number of DNS queries
- Number of blocked queries
- Top domains
- Top blocked domains
For more information, see Viewing reports.
Version 3.3 introduces the following additional changes:
Additional device drive information displayed on the Devices page
Refinements to the CSV Import Process for EDR and Endpoint Security allow/block lists
The new workspace dialog flow has been improved and simplified for Managed Service Providers (MSPs) and partners who create workspaces for their customers.
Coro now accepts IP address ranges as input values in the Email Security allowlist and blocklist.
Coro now enables PSA connectors in new channel workspaces by default.
Additional device drive information has been added to devices listed on the Devices page including:
- Model
- Friendly name
- Serial key
Supported device drive encryption statuses are:
- Encrypted
- Not Encrypted
- Encryption Failed
- Encryption Suspended
- Encryption In progress
The CSV import file size limit has been increased to 10MB, and the maximum number of entries is now 500.
The Agent deployment channel name has been updated to reflect the appropriate stage in the Agent's release life cycle, such as Gradual Rollout and General Availability.
The following are known issues in this release:
- Due to a recent change in macOS 15, Coro cannot support device posture enforcement for Gatekeeper functionality. Coro now displays a notification banner when adding a Gatekeeper Disabled device policy for macOS 15 devices, warning that only the review option is possible.
This section describes the following additional agent updates that we are releasing with version 3.3:
The relevant Agent must be updated on your device before changes take effect. The features described may not function until the updated macOS and Windows Agents are installed. Coro commences the roll-out of Agent updates after the release.
macOS agent 3.3 includes the following:
The Coro Agent can now read recovery keys for encrypted internal device drives and send them to the Coro workspace for storage and retrieval by admin users.
The macOS Agent app now displays the Coro device identifier (previously referred to as the Enrollment code) in the Information tab.
Coro can now show the VPN connection status (connected/disconnected) through macOS system notifications.
The Coro Agent app now displays more useful messages to describe its current state. For example, if user intervention is required to configure system extensions during initial setup, Coro now displays “User action required to proceed”.
The Coro Agent app now shows the VPN tab only when the Network module is enabled in the customer’s workspace. Other tabs remain visible in all cases.
The Coro Agent is now supported for devices running macOS 15 (Sequoia).
General bug fixes were made for this release.
Windows agent 3.3 includes the following:
The Windows Agent now supports the inclusion of environment variables for folders and files within the Endpoint Security allowlist and blocklist, such that admin users can specify an environment variable in place of a specified folder or file name to avoid defining large numbers of entries in the Coro console.
The Windows Agent app now displays the Coro device identifier ( previously referred to as the Enrollment code) in the Information tab.
To improve performance and error handling for on-demand endpoint device malware scans, the Coro Agent can now scan files by file handle rather than by file name.
Coro can identify the process or file responsible for attempting to delete VSS backups. The process name is now displayed in VSS Backup Protection tickets in the Coro console.
The Coro Agent starts in “safe mode” after three failed initialization attempts. Safe mode offers basic functionality and networking to facilitate remote log collection and troubleshooting by Coro support teams.
Coro now includes versioning in endpoint policy changes to improve efficiency and reduce unnecessary data transfer.
To improve stability, the Windows version of the Coro Agent now supports roll-back where a failure occurs during installation or uninstallation.
General bug fixes were made for this release.