Version 3.7, a major release, includes:
Before using the features and enhancements described below, you must update the relevant Coro Agent on your device. Coro commences the roll-out of Agent updates after the release.
This section describes the new features that we are releasing with version 3.7.
The following features have been added to the Coro console:
The single workspace view actionboard has been redesigned to include a summary of all open tickets, direct links to the protected devices and protected users lists, and a new workspace health score, which is based on open tickets and security gaps.
For more information, see The Actionboard.
The ticket detail pane has been redesigned to help you take faster, more informed actions. When you select a ticket, you'll now see four tabs:
- Overview
- Full details
- Activity logs
- Comments
The Overview tab highlights Coro's Recommended Steps or a one-click Quick Fix option.
Recommended steps are suggested actions that admin users can review and apply manually.
You can apply Quick Fix options directly by selecting APPLY QUICK FIX at the top of the pane.
For more information, see Using the ticket log.
Tickets that remain open for review are now automatically closed after 10 days for the following modules:
- Cloud Security
- Email Security
- Endpoint Data Governance
- Endpoint Security
- User Data Governance
Admin users can now take actions on multiple tickets at once. When multiple tickets are selected, actions that can be taken for all of them are displayed.
MSP admin users can now access and manage global allowlists and blocklists for EDR, Email Security, and Endpoint Security.
For more information, see Global allowlists and blocklists.
The following feature has been added to the Cloud Security module:
The Cloud Security page now supports additional threat detection policies. Admin users can assign different actions per detection and assign them to all users, specific groups, individual users, or user labels.
New detection types include:
- Abnormal Admin Activity
- Mass Data Deletion
- Mass Data Download
- Suspected Bot Attack
- Suspected Identity Compromise
Each policy change is now logged in the Activity Log, with timestamp, detection type, remediation setting, and affected users or groups. Admins can also undo suspended actions from the Activity Log or Ticket Log.
For more information, see Threat types.
The following features have been added to the Endpoint Security module:
Admin users can now trigger remote Coro Agent uninstallations for Windows devices directly from the Coro console.
For more information, see Uninstalling Windows devices from the Coro console.
Admin users can now allow specific USB devices by serial number when configuring USB Lockdown device policies.
For more information, see Endpoint device USB Lockdown.
The following features have been added to the Network and SWG modules:
The Network module has now been split into two modules:
- Network: VPN or ZTNA and site-to-site tunnels
- SWG: DNS filtering and custom domain records
Settings that apply to both modules can be configured in the new Network Settings section from the Control Panel.
In the new SWG module, admin users can now apply DNS filtering allowlists and blocklists to specific devices using device labels.
For more information, see DNS filtering.
The new SWG module now includes a default blocklist for DNS filtering called Shadow AI, designed to block access to most AI chatbots unless explicitly allowlisted.
The DNS summary report now includes a new layout. The top section shows total DNS queries, blocked queries, and other summary details. The lower section lists blocked domains and the users or devices that attempted to access them.
For more information, see Workspace reports.
Coro now provides Brazil as an additional region when setting up your virtual office.
The following features have been added to the Email Security module:
Coro now identifies suspected hidden or obfuscated AI request prompts in the subject or body of emails. The detected prompts might be manipulative, misleading, or malicious in nature, and appear designed to trigger unexpected actions on downstream mail servers that utilize AI services.
For more information, see Scanning emails for threats.
Coro can now send regular reports to your end users showing a list of emails that Coro quarantined before reaching their inbox. This enables users to safely identify where legitimate emails were misclassified, and to request administrators and security teams to review and release those emails.
For more information, see Sending reports for quarantined emails to users.
To help organizations protect company emails from unauthorized recipients, admin users can now instruct Coro to delete auto-forwarding rules set up on end-user inboxes.
For more information, see Deleting auto-forwarding rules.
The following features have been added to the Endpoint Data Governance and User Data Governance modules:
In this release, Coro introduces two new User Data Governance ticket types for sensitive data detected in your users' cloud file shares and sent emails: Cloud Share Containing Sensitive Data and Email Containing Sensitive Data.
Instead of raising individual tickets for each monitored sensitive data type, Coro now consolidates all policy violations for an email or cloud share event into one of the two new sensitive data tickets, providing admin users with a more unified picture of user activity.
For more information, see Ticket types for User Data Governance.
In this release, Coro introduces a new Endpoint Data Governance ticket type for the detection of sensitive data on your users' endpoint devices: Endpoint Drive Containing Sensitive Data.
Instead of raising individual tickets for each monitored sensitive data type, Coro now consolidates all detections from a device scan into a single sensitive data ticket, providing admin users with a more unified picture of sensitive data exposure on each device.
For more information, see Ticket types for Endpoint Data Governance.
Coro now detects the following sensitive data types:
- UAE ID Number
- UAE UID Number
- UAE Visa File Number
- UAE Passport Number
- UAE Driver's license number
For more information, see Sensitive data recognized by Coro.
This module will be updated soon.
The following feature has been added to the MDM module:
Coro now provides demo data for MDM services when in demo mode.
The following feature has been added to Coro AI:
The AI summary has now been added to the Global view.
Version 3.7 introduces the following additional changes:
- Cloud Security enhancements
- Coro console enhancements
- EDR enhancements
- Endpoint Security enhancements
- Email Security enhancements
The Impossible Traveler ticket has been redesigned with a layout that includes clearer event descriptions, city and state details, login pair distances in kilometers, and total event counts to improve anomaly analysis and reduce data redundancy.
For more information, see Impossible Traveler.
The Coro console now supports French (Canada).
Admin users can now enable or disable EDR protection for their workspace in order to troubleshoot or resolve configuration issues.
For more information, see EDR Settings.
The following account-level details have been added to Privilege Escalation, Credential Access, and Persistence EDR ticket types:
- Subject User Name
- Target Group
- Affected User
The EDR allowlist and blocklist interface has been enhanced to simplify adding records.
The Endpoint Security allowlist and blocklist interface has been enhanced to simplify adding records.
Malware on Endpoint tickets now display the hash of the container in which a malicious file was detected.
Admin users can now enable or disable Allow self-update to the latest stable version in device settings.
Coro now provides improved test capabilities to confirm correct Inbound Gateway operation:
- A pre-DNS change configuration test to confirm that your email provider and Coro workspace are correctly configured to send and receive emails.
- A full end-to-end test to confirm that your services can communicate and your DNS settings are correctly configured to route email as expected.
For more information, see Configuring the Inbound Gateway.
The warning banner/message Coro adds to emails in warning-only mode is now localized to the workspace language.
Coro shows a status of Disconnected for all configured cloud applications where one or more required permissions are missing, or where Coro cannot connect to the application. For connections to Microsoft 365 or Google Workspace, Coro additionally provides a link for admin users to view and grant missing permissions.
- Resolved an issue where Activity Log entries for disabled device protection did not include an Undo action.
- Resolved an issue where user aliases were not synced to protected users for Microsoft 365 and Google Workspace cloud applications, causing emails sent to alias addresses not to be protected or scanned by Coro.
- Resolved an issue where Reported by User tickets incorrectly displayed User is not protected even though the affected user was marked as protected on the Protected Users page.
This section describes the following additional Agent updates that we are releasing with version 3.7:
The relevant Agent must be updated on your device before changes take effect. The features described will not function until the updated Linux, macOS, and Windows Agents are installed. Coro commences the roll-out of Agent updates after the release.
Linux Agent 3.7 includes the following:
The Agent now supports disabling Coro protection on Linux devices.
The Agent now supports remote shell access on Linux devices, enabling admin users to execute commands remotely for investigation and troubleshooting.
General bug fixes were made for this release.
macOS Agent 3.7 includes the following:
The Agent now supports scheduled malware scans on macOS devices.
The Agent now supports improved EDR and on-access scan performance.
General bug fixes were made for this release.
Windows Agent 3.7 includes the following:
The Agent now supports remote Agent uninstallation on Windows devices.
The Agent now supports improved scan performance during device startup.
When malware is detected inside a container, the Agent now reports both the malicious file and its parent container file for improved visibility.
General bug fixes were made for this release.