v3.5 April 27, 2025

Version 3.5, a major release, includes:

• New features
• Enhancements
• Fixed issues
• Agent updates

Prerequisites

Before using the features and enhancements described below, you must update the relevant Coro Agent on your device. Coro commences the roll-out of Agent updates after the release.

New features

This section describes the new features that we are releasing with version 3.5.

1. Security Awareness Training
2. Coro console
   • Aggregated views for MSPs
3. Email Security
   • Inbound Gateway custom headers
   • Inbound Gateway new ticket type: MX Record Misconfigured
   • Phishing scan sensitivity control
   • Allowlist/blocklist optimization
   • Italian language support in emails
4. Endpoint security
   • Coro Agent Linux support
   • Bulk drive encryption
5. Network
   • ZTNA - Access permissions to external SaaS resources
   • ZTNA - Configuration options per resource instance
6. Data governance
   • French sensitive data detection
7. Mobile Device Management (MDM)
   • Network policy
   • Security policy
   • Custom device names

1 - Security Awareness Training

Coro introduces the Security Awareness Training (SAT) module.

This module enables organizations to train employees to recognize phishing attempts and malicious content delivered via email, reducing the risk of unauthorized access to company resources and sensitive data.

To learn more, see Security Awareness Training.

2 - Coro console

The following features have been added to the Coro console:

2.1 - Aggregated views for MSPs

Coro now has two views in the Coro console: a workspace view and a global (MSP) view. The global view includes aggregated data from all the workspaces under a channel (MSP) workspace, such as protected devices, protected users, and ticket logs.

For more information, see Introducing the global view.

3 - Email Security

The following features have been added to the Email Security module:

3.1 - Inbound Gateway custom headers

Coro now allows admin users to add custom headers to incoming emails handled by the Inbound Gateway, enabling efficient classification, processing, organization, and retrieval.

For more information, see Configuring the gateway.

3.2 - Inbound Gateway new ticket type: MX Record Misconfigured

When the Inbound Gateway is enabled and configured in your workspace, Coro performs a regularly scheduled check to confirm if the target email domain is accessible and correctly configured. If this check identifies that Coro’s Inbound Gateway server address is not a highest-priority Mail Exchange (MX) record in your DNS settings, Coro raises an MX Record Misconfigured ticket to alert admin users.

For more information, see Ticket types for email security.

3.3 - Phishing scan sensitivity control

Coro now enables you to set the sensitivity level (high, medium, or low) for phishing email detection within your protected users' emails, maximizing flexibility and enabling admin users to calibrate the detection mechanism to its optimal performance for your organization.

For more information, see Email Security settings.

3.4 - Allowlist/blocklist optimization

Coro now has an optimized Email Security allowlist and blocklist, enabling admin users to have better control over allowing or blocking suspected emails. Previous functionality included two workspace blocklist types, Suspicious content and Authentication Failure. Now, admin users add blocked emails to a single list - providing the same protection features and ticket types - but with simpler functionality.

For more information, see Allow or block email senders.

3.5 - Italian language support in emails

Coro now supports Italian language threat detection and exclusion for malicious emails.

4 - Endpoint security

The following features have been added to the Endpoint Security module:

4.1 - Coro Agent Linux support

The Coro Agent is now supported for Linux endpoint devices.

The Agent Deployment tab on the Devices page now includes a new Linux section that provides the current Linux Agent version and release cycle details. Linux has also been added to the OS version filter on the Devices and Global Devices pages, enabling admin users and MSP admin users to view and manage their Linux devices.

In this release, Coro officially supports the following Linux distributions:

• Debian 13 (Trixie)
• Debian 12 (Bookworm)
• Debian 11 (Bullseye)
• Ubuntu 24.04 LTS (Noble Numbat)
• Ubuntu 23.10 (Mantic Minotaur)
• Ubuntu 23.04 (Lunar Lobster)
• Ubuntu 22.10 (Kinetic Kudu)
• Ubuntu 22.04 LTS (Jammy Jellyfish)

The following actions are supported for Endpoint Security tickets based on Linux devices:

• Close related tickets
• Remote scan for malware
• Collect logs
• Download logs

To learn more, see Deploying Coro on Linux devices.

4.2 - Bulk drive encryption

Managed Service Provider (MSP) admin users can encrypt drives in bulk across all workspaces and their associated devices from the Global Devices page. This centralizes encryption management and provides organization-wide visibility into device encryption status.

For more information, see Bulk drive encryption.

5 - Network

The following features have been added to the Network module:

5.1 - ZTNA - Access permissions to external SaaS resources

ZTNA now supports configuring access permissions to software as a service (SaaS) applications, not just self-hosted resources. Admin users can define access to domains like salesforce.com on a per-label basis. They can control who can access the service by setting conditional access in the SaaS admin panel (for example, allowing the virtual office IP address).

To learn more, see ZTNA.

5.2 - ZTNA - Configuration options per resource instance

Admin users can now configure each ZTNA resource instance using a single IP address, IP address range, subnet, or domain—each with custom port and protocol settings. Coro enforces validation for correct formats (IPv4, CIDR, ports) and prevents overlapping or duplicate configurations across instances.

IPv4 is the only supported format in this phase.

To learn more, see Adding resource access policies to ZTNA.

6 - Data governance

The following features have been added to the Endpoint Data Governance and User Data Governance modules:

6.1 - French sensitive data detection

Coro now detects the following French sensitive data types:

• Driver's license number
• National ID number - CNI
• Passport number
• Social security number - NIR
• Tax identification number - NIF

To learn more, see Sensitive data recognized by Coro.

7 - Mobile Device Management (MDM)

The following features have been added to the MDM module:

7.1 - Network policy

Coro MDM introduces the Network policy, enabling admin users to predefine Wi-Fi network endpoints for iOS and Android devices. This helps to prevent unsecure sharing of Wi-Fi network passwords and details to new device users.

Full documentation coming soon.

7.2 - Security policy

Coro MDM introduces the Security policy, enabling admin users to enforce or disable device security features and settings.

For iOS devices:

• Enforce encrypted backups.
• Disable the ability to factory-reset the device.
• Disable automatic unlocking.
• Disable the control center on the lock screen.
• Disable control center notifications on the lock screen.
• Disable lock screen notifications.
• Enforce authentication before auto-fill can be used.
• Disable Siri while the device is locked.
• Disable Siri.
• Disable the device camera.
• Disable the ability to screenshot the current screen.
• Disable NFC.

For Android devices:

• Allow only Google Play Protect-verified app installation.
• Disable Developer Mode.
• Enforce content protection policies.
• Disable the device camera.
• Disable access to the microphone to prevent audio recording.
• Disable screen capture to prevent screenshots or screen recording.
• Disable NFC.
• Disable Bluetooth.
• Disable the ability to mount external physical media, such as MicroSD cards.
• Disable the ability to factory-reset the device.

Full documentation coming soon.

7.3 - Custom device names

Admin users can optionally enter custom names for enrolled devices to better identify them within the Coro MDM console.

Full documentation coming soon.

Enhancements

Version 3.5 introduces the following additional changes:

1. Cloud Security enhancements
2. Coro console enhancements
3. EDR enhancements
4. Endpoint Security enhancements
5. Network enhancements
6. Email Security enhancements
7. Mobile Device Management (MDM) enhancements

1 - Cloud Security enhancements

1.1 - Deprecated Inactive user tickets

Coro no longer generates Inactive user tickets. Historical Inactive user tickets are available for review in the Ticket Log.

2 - Coro console enhancements

2.1 - Executive summary and reports improvements

Three new columns have been added to the Devices CSV export: serial number, last seen, and device removed.

2.2 - Improved PDF report design

The Executive summary and Managed services summary reports have an improved layout.

2.3 - Improved ability to add managed services to modules

You can now add managed services to specific modules when creating or editing a workspace.

2.4 - UI improvements

Workspace ID is now shown at the bottom of the control panel.

3 - EDR enhancements

3.1 - Telemetry page improvements

A process ID field (PID) has been added to the Detailed process info section on the Telemetry page. This field displays the unique process ID for each process, enabling admin users to identify and investigate individual processes.

4 - Endpoint Security enhancements

4.1 - Improved allowlist and blocklist data entry

The Endpoint Security allowlist and blocklist now support entries with commas, which are required for specific folder names and other structured values.

4.2 - NGAV device labels

NGAV settings in Endpoint Security now require at least one device label to enable protection. If all labels are removed, Coro automatically applies the All devices label to maintain protection and ensure settings apply to at least one device group.

4.3 - macOS agent support for external drive encryption

Added support for encrypting external Apple File System (APFS) drives on macOS devices and managing their recovery keys.

4.4 - Process and file hash values added to SIEM integration data

Coro’s SIEM integration now includes hash fields from Endpoint Security tickets. This includes the hash from Malware on Endpoint tickets and process hashes from Infected Process tickets, enabling security teams to access critical data for more effective threat analysis and incident response.

5 - Network enhancements

5.1 - ZTNA - Support for adding multiple instances

ZTNA resource configurations can now include up to five instances.

6 - Email Security enhancements

6.1 - Sender IP address added to SIEM integration data

Coro’s SIEM integration now includes the sender IP address (if available) for all relevant Email Security tickets.

7 - Mobile Device Management (MDM) enhancements

7.1 - Additional Passcode policy restriction for iOS devices

Admin users now have additional options for Passcode policies on iOS devices:

• Disable biometrics when unlocking the device. The user must use the device passcode to unlock the device.
• Disable the user's ability to change the device passcode.

Fixed issues

• Resolved an issue where admin user invitation emails displayed the inviter’s address instead of the intended invitee, causing confusion when adding new admin users after a domain change. Updated the invite text to reflect the correct recipient and added guidance for accepting invites while signed out to ensure proper onboarding flow.
• Resolved multiple issues in scheduled exports where filters were not applied or saved correctly. The Groups filter for device exports was not retained, and the OS version filter did not apply during report generation. Addressed problems in the Activity Log report, including missing logs due to a default filter, unsaved Types filter selections, and UI errors where selected checkboxes were not reflected properly.
• Added missing messaging in the Activity Log section for users without sufficient permissions. They now see a message stating: You don’t have permission to access activity logs.
• Resolved Spanish and Italian translation issues in the console.
• Resolved an issue that prevented Coro from applying the telemetry filter when users selected View Telemetry from the Processes tab. Coro now displays the process hash in the URL and correctly applies the filter in the search field on the Telemetry page.
• Resolved a macOS issue where the activity log showed a success message immediately after triggering Enable Gatekeeper , even if the action failed. The console now waits for the Agent's response before confirming success.
• Resolved an issue where migrated Endpoint Data Governance and User Data Governance sensitive data types were not displaying in the console following v3.4.2.

Agent updates

This section describes additional Agent updates released with version 3.5:

• Linux Agent 3.5
• macOS Agent 3.5
• Windows Agent 3.5

Prerequisites

The relevant Agent must be updated on your device before changes take effect. The features described will not function until the updated Linux, macOS, and Windows Agents are installed. Coro commences the roll-out of Agent updates after the release.

1 - Linux Agent 3.5

Linux Agent 3.5 includes the following:

1.1 - Malware detection

The Agent supports remote malware scans on officially supported Linux distributions, including the ability to start and stop scans remotely.

1.2 - Excluding files and folders from malware scans

The Agent supports excluding files and folders from remote malware scans.

1.3 - Metadata reporting

The Agent collects and posts metadata from Linux devices to the console.

1.4 - Log collection and downloading

The Agent supports the collection and downloading of diagnostic logs.

2 - macOS Agent 3.5

macOS Agent 3.5 includes the following:

2.1 - External drive encryption

The Agent now supports external drive encryption on macOS devices, including the collection and transmission of recovery keys for secure storage and retrieval. Recovery keys can be viewed in the console on the Devices page.

2.2 - Updated installation requirements

An additional installation step has been added to grant the Agent Full Disk Access (FDA) on the device.

2.3 - Bug fixes

General bug fixes were made for this release.

3 - Windows Agent 3.5

Windows Agent 3.5 includes the following:

3.1 - Bug fixes

• Resolved an issue where fully encrypted drives were incorrectly displayed as unencrypted in the console.
• Resolved an issue where approving a file from a Malware on Endpoint ticket added it to the Endpoint Security allowlist, but the file was still detected on devices, triggering new tickets.
• Resolved an issue where active device posture policies for Firewall Disabled , Developer Mode Enabled , and UAC Notification Missing did not trigger tickets.