DNS filtering

Admin users can enable or disable DNS filtering, which includes basic malware filtering when enabled. DNS filtering allows admin users to restrict or allow access to specific domains, as well as groups or categories of domains. For example, an admin user may block access to suspected malware sites, or enforce company policy by blocking access to gambling sites or social networks. By default, DNS filtering is disabled.

Note: To apply DNS filtering, make sure the Network service in the Coro Agent or Endpoint Protection app is connected on each device. For more information, see The Network service in the Coro Agent or The Coro Endpoint Protection app.

Enabling DNS filtering

To apply DNS filtering to protected devices, you must both enable DNS filtering and assign device labels to allowlists or blocklists. Filtering only applies to devices that are part of the specified device labels; it does not apply to all devices in the workspace.

To enable DNS filtering:

  1. Sign in to the Coro console.
  2. From the sidebar, select Control Panel:

    Control panel sidebar

  3. Select SWG:

    control panel SWG

    Coro displays the SWG page:

    SWG page

  4. Enable DNS filtering:

    Enable DNS filtering

    Coro displays a confirmation dialog:

    Enable filtering confirm

  5. Select YES, ENABLE.
  6. Add the device labels to which DNS filtering should apply to allowlists or blocklists. For more information, see Allowlists and blocklists.

When filtering is enabled, admin users can enable:

  • DNS resolver anonymous mode: Protects user privacy by not tracking individual data. This option ensures that Coro does not analyze or store the DNS request history.
  • Allowlist-only filtering: Blocks all URLs except those added to the allowlist.

Anonymous mode and allowlist-only filtering

Allowlists and blocklists

Below the DNS filtering section are the allowlists and blocklists. When an admin user enables DNS filtering for the first time, a predefined inactive set of external blocklists (locked URL groups) is added to the Allow/Block Lists section. Admin users can view, enable, and add device labels to these lists.

Default lists

Adding device labels to locked URL groups

To add device labels to locked URL groups:

  1. From the three-dot menu of the relevant URL group, select Edit URL group:

    Edit URL group

    Coro displays the Edit URL group dialog:

    Edit URL group

  2. Select device labels to which the allowlist or blocklist should apply.
  3. Select APPLY.
  4. If disabled, from the three-dot menu, select Enable URL group:

    Enable URL group

Adding URLs to lists

To add URLs, IP address ranges, subnets, or URL-based wildcards to an allowlist or blocklist:

  1. Select + ADD > Add to allowlist/blocklist:

    Add lists button

    Coro displays the Add to allowlist/blocklist dialog:

    Add lists dialog

  2. Enter URLs, IP address ranges, subnets, or URL-based wildcards.
  3. Select the device labels to which the list should apply.
  4. Select ADD TO LIST.

Adding URL groups to lists

To add a list of URLs, IP address ranges, subnets, or URL-based wildcards to an allowlist or blocklist:

  1. Select + ADD > Import URL group to allowlist/blocklist:

    Add URL groups button

    Coro displays the Import URL group to allowlist/blocklist dialog:

    Add URL groups dialog

  2. Upload a text file of the URLs, IP address ranges, subnets, or URL-based wildcards. To facilitate creating a valid text file, Coro provides a link to a template in the Import URL to allowlist/blocklist dialog. Each entry should be on a separate line:

    Import lists with CSV

  3. Enter a name for the URL group.
  4. Select the device labels to which the list should apply.
  5. Select IMPORT.
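
A pre-upload check for such a text file, as an added example that is not part of Coro's documentation or tooling. The entry syntax it accepts (CIDR subnets, "start-end" IP ranges, "*" as a whole host label) is an assumption; the template linked in the dialog defines what Coro actually accepts.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Assumed syntax (not taken from Coro's template): CIDR subnets, "start-end"
# IP ranges, "*" as a whole host label for wildcards, and plain or schemed URLs.
LABEL = re.compile(r"^(\*|[a-z0-9]([a-z0-9-]*[a-z0-9])?)$")

def _ip(text):
    try:
        return ipaddress.ip_address(text)
    except ValueError:
        return None

def classify(entry):
    """Return 'subnet', 'ip_range', 'wildcard' or 'url'; raise ValueError if malformed."""
    if _ip(entry.partition("/")[0]) is not None:
        ipaddress.ip_network(entry, strict=True)  # rejects host bits, bad prefix
        return "subnet"  # a single address counts as a /32 or /128
    start, dash, end = entry.partition("-")
    a, b = _ip(start), _ip(end)
    if dash and a is not None and b is not None:
        if a.version != b.version or a > b:
            raise ValueError("range start must not exceed range end")
        return "ip_range"
    host = urlsplit(entry if "://" in entry else "//" + entry).hostname or ""
    labels = host.split(".")
    if len(labels) < 2 or not all(LABEL.match(label) for label in labels):
        raise ValueError("not a valid host name")
    return "wildcard" if "*" in labels else "url"

def lint(text):
    """Check a list file (one entry per line); return (accepted, problems)."""
    accepted, problems, seen = [], [], set()
    for lineno, raw in enumerate(text.splitlines(), 1):
        entry = raw.strip()
        if not entry:
            continue
        try:
            if entry.lower() in seen:
                raise ValueError("duplicate entry")
            seen.add(entry.lower())
            accepted.append((entry, classify(entry)))
        except ValueError as exc:
            problems.append((lineno, entry, str(exc)))
    return accepted, problems

# Constructed sample file contents (documentation address space, example domains).
SAMPLE = ("example.com\n*.ads.example.net\n192.0.2.0/24\n198.51.100.10-198.51.100.20\n"
          "192.0.2.7/24\nexample.com\nnot a domain\n")
```

Calling lint(SAMPLE) accepts the first four entries and reports lines 5 (host bits set in the subnet), 6 (duplicate) and 7 (not a host name) with their line numbers.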

Managing lists

View, edit, remove, disable, or enable allowlists and blocklists from the three-dot menu next to each list. Disabled lists appear grayed out:

Manage lists