v3.7 November 16, 2025

Version 3.7, a major release, includes:

• New features
• Enhancements
• Fixed issues
• Agent updates

Prerequisites

Before using the features and enhancements described below, you must update the relevant Coro Agent on your device. Coro commences the roll-out of Agent updates after the release.

New Features

This section describes the new features that we are releasing with version 3.7.

1. Coro Console
   • Actionboard redesign
   • Updated ticket structure
   • Updated ticket closure policies
   • Bulk ticket actions
   • Global allowlists and blocklists
2. Cloud Security
   • Threat detection policies
3. Endpoint Security
   • Remote Agent uninstallation
   • USB Lockdown allowlisting
4. Network and SWG
   • DNS filtering allowlists and blocklists
   • Shadow AI blocklist
   • Improved DNS summary report
   • Virtual office Brazil server
5. Email Security
   • Prompt injection detection
   • User reports of quarantined emails
   • Delete auto-forwarding rules
6. Data Governance
   • Unified ticket consolidation for cloud shares and emails
   • Unified ticket consolidation for endpoint device drive scans
   • UAE sensitive data detection
7. MDM
   • Demo mode
8. Coro AI
   • Global view AI summary

1 - Coro console

The following features have been added to the Coro console:

1.1 - Actionboard redesign

The single workspace view actionboard has been redesigned to include a summary of all open tickets, direct links to the protected devices and protected users lists, and a new workspace health score, which is based on open tickets and security gaps.

For more information, see The Actionboard.

1.2 - Updated ticket structure

The ticket detail pane has been redesigned to help you take faster, more informed actions. When you select a ticket, you'll now see four tabs:

• Overview
• Full details
• Activity logs
• Comments

The Overview tab highlights Coro's Recommended Steps or a one-click Quick Fix option.

• Recommended steps are suggested actions that admin users can review and apply manually.
• You can apply Quick Fix options directly by selecting APPLY QUICK FIX at the top of the pane.

For more information, see Using the ticket log.

1.3 - Updated ticket closure policies

Tickets that remain open for review are now automatically closed after 10 days for the following modules:

• Cloud Security
• Email Security
• Endpoint Data Governance
• Endpoint Security
• User Data Governance

1.4 - Bulk ticket actions

Admin users can now take actions on multiple tickets at once. When multiple tickets are selected, actions that can be taken for all of them are displayed.

1.5 - Global allowlists and blocklists

MSP admin users can now access and manage global allowlists and blocklists for EDR, Email Security, and Endpoint Security.

For more information, see Global allowlists and blocklists.

2 - Cloud security

The following feature has been added to the Cloud Security module:

2.1 - Threat detection policies

The Cloud Security page now supports additional threat detection policies. Admin users can assign different actions per detection and assign them to all users, specific groups, individual users, or user labels.

New detection types include:

• Abnormal Admin Activity
• Mass Data Deletion
• Mass Data Download
• Suspected Bot Attack
• Suspected Identity Compromise

Each policy change is now logged in the Activity Log, with timestamp, detection type, remediation setting, and affected users or groups. Admins can also undo suspended actions from the Activity Log or Ticket Log.

For more information, see Threat types.

3 - Endpoint security

The following features have been added to the Endpoint Security module:

3.1 - Remote Agent Uninstallation

Admin users can now trigger remote Coro Agent uninstallations for Windows devices directly from the Coro console.

For more information, see Uninstalling Windows devices from the Coro console.

3.2 - USB Lockdown allowlisting

Admin users can now allow specific USB devices by serial number when configuring USB Lockdown device policies.

For more information, see Endpoint device USB Lockdown.

4 - Network and SWG

The following features have been added to the Network and SWG modules:

The Network module has now been split into two modules:

• Network : VPN or ZTNA and site-to-site tunnels
• SWG : DNS filtering and custom domain records

Settings that apply to both modules can be configured in the new Network Settings section from the Control Panel.

4.1 - DNS filtering allowlists and blocklists

In the new SWG module, admin users can now apply DNS filtering allowlists and blocklists to specific devices using device labels.

For more information, see DNS filtering.

4.2 - Shadow AI blocklist

The new SWG module now includes a default blocklist for DNS filtering called Shadow AI, designed to block access to most AI chatbots unless explicitly allowlisted.

4.3 - Improved DNS summary report

The DNS summary report now includes a new layout. The top section shows total DNS queries, blocked queries, and other summary details. The lower section lists blocked domains and the users or devices that attempted to access them.

For more information, see Workspace reports.

4.4 - Virtual office Brazil server

Coro now provides Brazil as an additional region when setting up your virtual office.

5 - Email Security

The following features have been added to the Email Security module:

5.1 - Prompt injection detection

Coro now identifies suspected hidden or obfuscated AI request prompts in the subject or body of emails. The detected prompts might be manipulative, misleading, or malicious in nature, and appear designed to trigger unexpected actions on downstream mail servers that utilize AI services.

For more information, see Scanning emails for threats.

5.2 - User reports of quarantined emails

Coro can now send regular reports to your end users showing a list of emails that Coro quarantined before reaching their inbox. This enables users to safely identify where legitimate emails were misclassified, and to request administrators and security teams to review and release those emails.

For more information, see Sending reports for quarantined emails to users.

5.3 - Delete auto-forwarding rules

To help organizations protect company emails from unauthorized recipients, admin users can now instruct Coro to delete auto-forwarding rules set up on end-user inboxes.

For more information, see Deleting auto-forwarding rules.

6 - Data governance

The following features have been added to the Endpoint Data Governance and User Data Governance modules:

6.1 - Unified ticket consolidation for sensitive data types in cloud shares and emails

In this release, Coro introduces two new User Data Governance ticket types for sensitive data detected in your users' cloud file shares and sent emails: Cloud Share Containing Sensitive Data and Email Containing Sensitive Data.

Instead of raising individual tickets for each monitored sensitive data type, Coro now consolidates all policy violations for an email or cloud share event into one of the two new sensitive data tickets, providing admin users with a more unified picture of user activity.

For more information, see Ticket types for User Data Governance.

6.2 - Unified ticket consolidation for sensitive data types in endpoint device drive scans

In this release, Coro introduces a new Endpoint Data Governance ticket type for the detection of sensitive data on your users' endpoint devices: Endpoint Drive Containing Sensitive Data.

Instead of raising individual tickets for each monitored sensitive data type, Coro now consolidates all detections from a device scan into a single sensitive data ticket, providing admin users with a more unified picture of sensitive data exposure on each device.

For more information, see Ticket types for Endpoint Data Governance.

6.3 - United Arab Emirates (UAE) sensitive data detection

Coro now detects the following sensitive data types:

• UAE ID Number
• UAE UID Number
• UAE Visa File Number
• UAE Passport Number
• UAE Driver's license number

For more information, see Sensitive data recognized by Coro.

7 - MDM

The following feature has been added to the MDM module:

7.1 - Demo mode

Coro now provides demo data for MDM services when in demo mode.

8 - Coro AI

The following feature has been added to Coro AI:

8.1 - Global view AI summary

The AI summary has now been added to the Global view.

For more information, see Coro AI Assistant

Enhancements

Version 3.7 introduces the following additional changes:

• Cloud Security enhancements
• Coro console enhancements
• EDR enhancements
• Endpoint Security enhancements
• Email Security enhancements

1 - Cloud security enhancements

1.1 - Impossible Traveler ticket enhancement

The Impossible Traveler ticket has been redesigned with a layout that includes clearer event descriptions, city and state details, login pair distances in kilometers, and total event counts to improve anomaly analysis and reduce data redundancy.

For more information, see Impossible Traveler.

2 - Coro console enhancements

2.1 - French (Canada) language support

The Coro console now supports French (Canada).

3 - EDR enhancements

3.1 - EDR settings

Admin users can now enable or disable EDR protection for their workspace in order to troubleshoot or resolve configuration issues.

For more information, see EDR Settings.

3.2 - Additional information added to EDR tickets

The following account-level details have been added to Privilege Escalation, Credential Access, and Persistence EDR ticket types:

• Subject User Name
• Target Group
• Affected User

3.3 - Allowlist and blocklist UI enhancements

The EDR allowlist and blocklist interface has been enhanced to simplify adding records.

4 - Endpoint Security enhancements

4.1 - Endpoint Security allowlist and blocklist UI enhancements

The Endpoint Security allowlist and blocklist interface has been enhanced to simplify adding records.

4.2 - Container hash information added to Malware on Endpoint tickets

Malware on Endpoint tickets now display the hash of the container in which a malicious file was detected.

4.4 - Enable/disable Allow self-update to the latest stable version device setting

Admin users can now enable or disable Allow self-update to the latest stable version in device settings.

5 - Email Security enhancements

5.1 - Improved Inbound Gateway test capabilities

Coro now provides improved test capabilities to confirm correct Inbound Gateway operation:

• A pre-DNS change configuration test to confirm that your email provider and Coro workspace are correctly configured to send and receive emails.
• A full end-to-end test to confirm that your services can communicate and your DNS settings are correctly configured to route email as expected.

For more information, see Configuring the Inbound Gateway.

5.2 - Localized email security warning banner to workspace language

The warning banner/message Coro adds to emails in warning-only mode is now localized to the workspace language.

5.3 - Set service as disconnected if all cloud service permissions are missing

Coro shows a status of Disconnected for all configured cloud applications where one or more required permissions are missing, or where Coro cannot connect to the application. For connections to Microsoft 365 or Google Workspace, Coro additionally provides a link for admin users to view and grant missing permissions.

Fixed issues

• Resolved an issue where Activity Log entries for disabled device protection did not include an Undo action.
• Resolved an issue where user aliases were not synced to protected users for Microsoft 365 and Google Workspace cloud applications, causing emails sent to alias addresses not to be protected or scanned by Coro.
• Resolved an issue where Reported by User tickets incorrectly displayed User is not protected even though the affected user was marked as protected on the Protected Users page.

Agent updates

This section describes the following additional Agent updates that we are releasing with version 3.7:

• Linux Agent 3.7
• macOS Agent 3.7
• Windows Agent 3.7

Prerequisites

The relevant Agent must be updated on your device before changes take effect. The features described will not function until the updated Linux, macOS, and Windows Agents are installed. Coro commences the roll-out of Agent updates after the release.

1 - Linux Agent 3.7

Linux Agent 3.7 includes the following:

1.1 - Disable Coro protection support

The Agent now supports disabling Coro protection on Linux devices.

1.2 - Bug fixes

General bug fixes were made for this release.

2 - macOS Agent 3.7

macOS Agent 3.7 includes the following:

2.1 - Scheduled malware scan support

The Agent now supports scheduled malware scans on macOS devices.

2.2 - Optimized scan performance of EDR and on-access scanning

The Agent now supports improved EDR and on-access scan performance.

2.3 - Bug fixes

General bug fixes were made for this release.

3 - Windows Agent 3.7

Windows Agent 3.7 includes the following:

3.1 - Remote Agent uninstallation support

The Agent now supports remote Agent uninstallation on Windows devices.

3.2 - Optimized scan performance

The Agent now supports improved scan performance during device startup.

3.3 - Enhanced malware reporting for container files

When malware is detected inside a container, the Agent now reports both the malicious file and its parent container file for improved visibility.

3.4 - Bug fixes

General bug fixes were made for this release.