v3.6 August 17, 2025

Version 3.6, a major release, includes:

• New features
• Enhancements
• Agent updates

Prerequisites

Before using the features and enhancements described below, you must update the relevant Coro Agent on your device. Coro commences the roll-out of Agent updates after the release.

New features

This section describes the new features that we are releasing with version 3.6.

1. Coro AI
   • Coro AI Assistant
2. Coro console
   • Global protection policies
   • Security Gaps
   • Global view actionboard widgets
   • User labels
   • Coro insights
   • French language support
3. Cloud security
   • Impossible traveler
4. Endpoint security
   • Scheduled malware scans
5. Network
   • Trusted networks
   • Multi-factor authentication
   • Allowlist-only filtering
6. Data governance
   • Outbound Gateway
   • Ticket consolidation by sensitive data type for email events
   • Australian, Canadian, Dutch, and German sensitive data detection
7. MDM
   • Application restrictions policies
   • Remote app installation
   • Lost mode
8. SAT
   • Adaptive training

1 - Coro AI

The following feature has been added to Coro AI:

1.1 Coro AI Assistant (beta)

Coro AI Assistant combines the existing Ask Coro functionality with a new ticket summary. The ticket summary overview generates correlated insights, recommended next steps, and highlights of trends or recurring misconfigurations based on your workspace tickets.

For more information, see Coro AI Assistant.

2 - Coro console

The following features have been added to the Coro console:

2.1 - Global protection policies

MSP admin users can now create and manage global protection policies across multiple workspaces from Global view > Global Settings > Protection Policies. The new protection policies list provides a centralized view of all policies, including assigned workspaces and last modified dates. MSP admin users can create policies with predefined settings for devices, cloud security, endpoint security, email security, and data governance. Policies can be created, assigned, edited, duplicated, or removed, with built-in safeguards to prevent deleting policies still in use. This update simplifies policy management and enforces consistent protection across the MSP environment.

For more information, see Global protection policies.

2.2 - Security Gaps

Coro introduces Security Gaps.

This feature helps organizations identify and remediate workspace misconfigurations that might reduce Coro protection. It highlights configuration gaps across users, devices, cloud applications, and device posture policies.

For more information, see Security Gaps.

2.3 - Global view actionboard widgets

Coro now has three new widgets in the global view actionboard:

• A graph of total protected users and devices over a specific time period.
• A breakdown of user change by workspace over a specific time period, displaying the top three workspaces with the most positive and most negative changes.
• A breakdown of device change by workspace over a specific time period, displaying the top three workspaces with the most positive and most negative changes.

2.4 - User labels

Admin users can now create and manage user labels from the new Labels tab under Control Panel > Users. The labels table displays existing labels, the number of protected users assigned to each, and options to edit or delete labels. You can also search by label name and add new labels.

For more information, see User labels.

2.5 - Coro insights

Coro introduces Coro Insights.

This feature provides a 30-day overview of security activity across your workspace. It highlights protected user behavior, top ticket types, suspicious email sources, and how many tickets Coro resolved automatically, helping you identify trends and respond more effectively,

For more information, see Coro Insights.

2.6 - French language support

The Coro console now includes support for French (France).

3 - Cloud security

The following feature has been added to the Cloud Security module:

3.1 - Impossible traveler

Coro now detects impossible travel by identifying sign-ins from distant locations within timeframes too short for realistic travel. If the time between sign-ins falls below the calculated travel threshold, Coro flags the activity and creates an Impossible Traveler ticket.

4 - Endpoint security

The following feature has been added to the Endpoint Security module:

4.1 - Scheduled malware scans

Coro now supports scheduled malware scans for Windows, macOS, and Linux endpoint devices. Admin users can configure scans to run automatically at a specified frequency and time. Scheduled scans provide routine, automated malware checks in addition to Coro's real-time protection.

For more information, see Scheduled malware scans.

5 - Network

The following features have been added to the Network module:

5.1 - Trusted networks

You can now configure trusted networks to automatically disconnect devices from VPN or ZTNA when they're connected to known, secure networks. This helps improve performance and reduce routing conflicts.

For more information, see Trusted networks.

5.2 - Multi-factor authentication

You can now enable multi-factor authentication (MFA) to increase security for protected users connecting through VPN or ZTNA. Once enabled, users verify their identity with a one-time code from an authenticator app, helping prevent unauthorized access.

For more information, see MFA.

5.3 - Allowlist-only filtering

A new allowlist-only filtering option is now available in Secure Web Gateway (SWG) settings. When enabled, all URLs are blocked by default; only those explicitly added to the allowlist are accessible.

For more information, see Allowlist-only filtering.

6 - Data governance

The following features have been added to the Endpoint Data Governance, User Data Governance, and Email Security modules:

6.1 Outbound Gateway

Coro's User Data Governance module now offers organizations enhanced DLP (Data Loss Prevention) functionality through the addition of an outbound gateway proxy for email transmission. The outbound gateway enables real-time monitoring and blocking of outbound emails that violate an organization's sensitive data policies.

6.2 Ticket consolidation by sensitive data type for email events

To reduce excess ticket generation, Coro creates at most one ticket per sensitive data type for an email event that includes several instances of the same data exposure. For example, suppose an email contains credit card information in the subject, body, and an attachment simultaneously. In that case, Coro now raises only one Credit Card Data ticket for the event, listing all findings.

6.3 Australian, Canadian, Dutch, and German sensitive data detection

Coro now detects the following sensitive data types:

• Australia:
  • Bank account number
  • Driver's licence number
  • Health insurance number (Medicare)
  • Passport number
  • Tax identification number
• Canada:
  • Bank account number
  • Driver's licence number:
    • Alberta
    • British Columbia
    • Ontario
    • Quebec
  • Health insurance number:
    • Alberta
    • British Columbia
    • Ontario
    • Quebec
  • Passport number
  • Social insurance number (SIN)
• Germany:
  • Driver's licence number
  • Identity card number
  • Passport number
  • Tax identification number
• Netherlands:
  • Citizen service (BSN) number
  • Passport number
  • Tax identification number
  • VAT number (BTW)

For more information, see Sensitive data recognized by Coro.

7 - MDM

The following features have been added to the MDM module:

7.1 Application restrictions policy

Coro now includes a new App Restrictions policy type for iOS and iPadOS devices. This enables admin users to set restrictions on enrolled devices to limit a user's ability to perform various app functions, such as installing and removing apps.

7.2 Remote app installation

Coro's MDM module now includes centrally managed apps. Admin users can add apps to a managed list for remote deployment and installation on enrolled devices.

This functionality works with both supervised/company-owned and BYOD devices.

7.3 Lost mode

Admin users can remotely enable Lost mode for devices. Affected devices are locked and unusable.

8 - SAT

The following features have been added to the SAT module:

8.1 Adaptive training

Coro SAT now includes adaptive training. Coro tracks user activity in their cloud and email apps to identify users who most often trigger events. High risk users are given extra training courses tailored to help them recognize the threats they most often miss.

Enhancements

Version 3.6 introduces the following additional changes:

1. Cloud Security enhancements
2. Coro console enhancements
3. Connectors enhancements
4. Network enhancements
5. Data governance enhancements

1 - Cloud Security enhancements

1.1 - Introducing Policies

Coro now includes a Policies tab under Cloud Security in the Control Panel. This tab includes:

• Access Permissions : Containing the original Access Permissions functionality.
• Threat types : Containing threat detection policies that apply to all users, specified users, or specified user groups. In this release, Coro adds the Impossible Traveler policy.

1.2 - Application connection status

When a cloud application needs additional configuration, the status of that application now says Additional setup required instead of Not secure.

2 - Coro console enhancements

2.1 - Subchannel branding

MSP admin users can now apply custom branding when creating or editing channel workspaces.

2.2 - Email reminders for workspace trial expiration

Admin users now receive email reminders seven and three days before a workspace expires.

2.3 - Actionboard redesign

The actionboard in workspace view has been updated for a cleaner, more focused experience. Overview widgets have been redesigned for clarity, and the add-ons section is now collapsible by default. To reduce visual clutter, pie charts and the closed tickets section have been removed.

3 - Connectors enhancements

3.1 - Syslog support for forwarding Coro ticket data

Admin users can now configure Syslog connections to forward Coro ticket events to external platforms that support Syslog using RFC 5424 formatting over TLS. This feature enhances Coro's existing SIEM functionality by expanding compatibility to environments that rely on structured Syslog ingestion. Admin users can upload certificates for secure TLS connections, select Coro modules, assign facility codes, send test messages, and optionally add a tenant label for multi-tenant environments.

4 - Network enhancements

4.1 - User-based ZTNA

ZTNA resource policies now support user labels, allowing you to apply access rules based on individual users instead of just devices. User-based authentication must be enabled to use this feature.

5 - Data governance enhancements

5.1 - Permissions setting for unprotected internal domain users

Coro now includes an additional User Data Governance permission group that represents all unprotected/protectable users that belong to an internal domain in a workspace. Allowing users in this group to access sensitive data means that when a sender in the same domain shares sensitive data, Coro no longer raises tickets for unprotected internal recipients.

Agent updates

This section describes the following additional Agent updates that we are releasing with version 3.6:

• Linux Agent 3.6
• macOS Agent 3.6
• Windows Agent 3.6

Prerequisites

The relevant Agent must be updated on your device before changes take effect. The features described will not function until the updated Linux, macOS, and Windows Agents are installed. Coro commences the roll-out of Agent updates after the release.

1 - Linux Agent 3.6

Linux Agent 3.6 includes the following:

1.1 - Scheduled malware scan support

The Agent now supports scheduled malware scans on Linux devices.

2 - macOS Agent 3.6

macOS Agent 3.6 includes the following:

2.1 - Scheduled malware scan support

The Agent now supports scheduled malware scans on macOS devices.

2.2 - User-based authentication

User-based authentication is now available to help ensure that each device is linked to the correct protected user. When enabled from Control Panel > Devices, users are prompted to enter and verify their email address in the Coro Agent. This process connects the device to the user and allows Coro to apply user labels.

2.3 - French language support

The Coro Agent UI now includes support for French (France).

2.4 - Bug fixes

• Resolved an issue where macOS Agents failed to apply any remote actions if the list included unsupported entries.
• Resolved an issue where the Agent blocked connections to allowed unencrypted wireless networks when conflicting policies were applied.

3 - Windows Agent 3.6

Windows Agent 3.6 includes the following:

3.1 - Scheduled malware scan support

The Agent now supports scheduled malware scans on Windows devices.

3.1 - Scheduled malware scan support

The Agent now supports scheduled malware scans on Windows devices.

3.2 - French language support

The Coro Agent UI now includes support for French (France).

3.3 - User-based authentication

User-based authentication is now available to help ensure that each device is linked to the correct protected user. When enabled from Control Panel > Devices, users are prompted to enter and verify their email address in the Coro Agent. This process connects the device to the user and allows Coro to apply user labels.

3.4 - Bug fixes

General bug fixes were made for this release.