Secure Endpoint Agent 11.1 release notes

If automatic agent updates are disabled, you can assign an agent version to your account's Windows and Mac devices to prevent agent upgrades.

To determine if you want to assign agent version 11.1, review this topic to learn about the improvements included in this version of the Secure Endpoint Agent.

To learn about all features, enhancements, and fixes introduced in Secure Endpoint 11.1, see the Secure Endpoint 11.1 release notes.

About the Secure Endpoint Agent

The Secure Endpoint Agent is a small software client that resides on devices that are managed in the Secure Endpoint Console. After the agent is initially installed on a new device, it's activated with the first connection to the Absolute Monitoring Center.

Each agent package includes software specific to its supported operating system, including the agent and its associated agent components, an installer, and a readme file.

Secure Endpoint Agent 11.1 supports devices running the following operating systems:

Operating system Supported versions
Windows

  • Windows 11:

    • Windows 11 Home
    • Windows 11 Pro
    • Windows 11 Enterprise
    • Windows 11 IoT Enterprise editions
    • Windows 11 SE

      Note that due to restrictions imposed by Microsoft, the following features aren't supported on Windows 11 SE:

      • Application Resilience: applications that require PowerShell for health checks, unless otherwise noted
      • Custom Data: data points that use PowerShell scripts
      • Reach Scripts: all PowerShell scripts

    Windows 11 ARM-based devices are supported.

    Microsoft ended its standard support for Windows 10 on October 14, 2025. We recommend upgrading to Windows 11 for ongoing security updates and full feature support.

  • Windows Server:

    • Windows Server 2025 Datacenter Edition

    • Windows Server 2022 Datacenter Edition

    Note that the following features aren't supported on Windows Server:

    • The detection of installed anti-malware applications

    • Device Wipe

    • Geolocation tracking

    • Playbooks (Absolute Rehydrate)
Mac
  • macOS 14, 15, and 26

The following agent components are associated with Secure Endpoint Agent 11.1:

Agent or component Windows version Mac version

Core agent The core agent (also known as rpcnet) is a small software client that resides in devices that are managed in the Secure Endpoint Console. After the core agent is initially installed on a new device, it is activated with its first connection to the Absolute Monitoring Center and the device is enrolled in Absolute. The core agent then makes scheduled connections every 24.5 hours. (rpcnet)

 8.6006.0.1245 7002

Component manager The component manager (also known as CTES) is installed on top of the core agent and manages the agent components responsible for initiating device actions and collecting device data. Most agent components are controlled by policies, such as the Hardware and Installed Applications policies. The component manager typically connects to the Absolute Monitoring Center every 15 minutes, at a minumum, to send device data and receive instructions.

(CTES)

 1.0.0.4223 1.0.0.4221

Core Service

(CTESPersistence)

 2.0.1.17 1.0.3.14

Anti-Malware

(AVP)

 1.0.13.19 1.0.11.42

Application Resilience

(RAR)

 7.16.1.19 N/A

Custom Data

(CDC)

 1.0.14.20 N/A

Data Discovery

(DARAgent)

 11.0.2.7 11.0.2.2

Device Usage

(DUR)

 1.0.10.13 1.0.8.27

End User Messaging

(EUM)

 1.0.5.20 1.0.4.9

File Delete

(SDD)

 1.0.9.20 1.0.9.8
Freeze
(DFZ)		 1.0.10.4

1.0.5.18

Full-Disk Encryption
(ESP)

 1.0.12.4 1.0.10.26

Geolocation

(GEO)

 1.0.15.34 1.1.2.57

Hardware

(HDP)

2.0.17.27

 1.0.13.38

Installed Applications

(SNG)

 1.0.16.100 1.0.12.27

Manage Supervisor Password and
Playbooks
(PER)

1.0.10.8

 N/A

Reach Script

(ANS)

 1.0.6.4 1.0.7.5

Web Usage

(WMA)

 11.0.2.3 N/A

Wipe

(SDW)

 1.0.8.19 1.0.4.5

You can view the version number of a device's core agent and component manager on its Details > Summary page.

Absolute for Chromebooks Extension: 2.6.6.8

You can view the version number of a device's Chromebook extension by adding the Core agent version column to a device report.

Agent improvements and fixes

Version 11.1 of the Secure Endpoint Agent includes improvements and fixes to the following agent components:

Component Component version Fixes and improvements
Windows

Component manager

(CTES)

 1.0.0.4223

  • The Secure Endpoint Agent now supports payload encryption for data reported by the ESP component. This enhancement helps protect sensitive information, such as BitLocker recovery keys, from interception by deep packet inspection (DPI) tools while data is transmitted to the Absolute Monitoring Center.

  • Fixed an issue where the restart prompt was not displayed if a user was not logged in when a reboot was requested by the PER component. The CTES component now waits for a user to log in before displaying the prompt to ensure the restart request is visible.

  • Security of the CTES component has been improved by adding a bounds check to the data serialization process. This update prevents potential data corruption and ensures the integrity of security-relevant information, such as policy configurations and device state data, when processing large data sets. Severity: Medium

  • Performance and logging improvements.

Custom Data Collector

(CDC)

 1.0.14.20

  • Obsolete JavaScript files are no longer included when the CDC component is downloaded, reducing the component's footprint on the device without affecting the collection of data points.

Full-Disk Encryption

(ESP)

 1.0.12.4

  • The ESP component can now be configured to collect BitLocker recovery keys from your Windows devices. Learn more

Installed Applications

(SNG)

 1.0.16.100

  • Fixed an issue where application usage data from Windows devices occasionally contained null values, which could prevent the data from being processed correctly. The data collection process has been updated to ensure that only valid usage reports are transmitted and processed.
Manage Supervisor Password and
Playbooks
(PER)		 1.0.10.8

  • Fixed an issue where the PER component was unable to validate the installation of the Absolute Bootloader on some devices due to EFI volume mounting errors. The agent now uses an improved validation method and includes retry logic to ensure the Bootloader is accessible.

  • The following security and reliability improvements were added to the PER component:

    • Improved how internal file paths are handled to ensure that long registry entries are processed safely, maintaining system stability and protecting against potential memory issues. Severity: High

    • The validation logic used when manifest files are processed has been updated. This change ensures that configuration data is handled reliably during agent restarts, preventing potential system instability or undefined behavior. Severity: Medium

    • Optimized how system resources are managed during the setup and monitoring of the recovery partition to provide more efficient system performance and enhance the overall reliability of recovery operations. Severity: Medium

    • All source file hashes are now validated before the installation process begins. This update ensures that all necessary files are fully verified for integrity before they are installed, further protecting the endpoint against unauthorized changes. Severity: Medium

    • Enhanced how sensitive data is managed in system memory to ensure that temporary encryption information is more effectively cleared after use. Severity: Medium

    • Stronger validation for encrypted data is now enforced to strengthen the integrity of local communications and help protect system configuration data from unauthorized changes. Severity: Medium

Reach Script

(ANS)

 1.0.6.4

  • Fixed an issue where Reach scripts on Windows devices occasionally failed to execute due to a race condition when reading the action configuration. The Secure Endpoint Agent now automatically retries the parsing process to ensure scripts run successfully.
Mac

Component manager

(CTES)

 1.0.0.4221

  • The Secure Endpoint Agent now supports payload encryption for data reported by the ESP component. This enhancement helps protect sensitive information, such as BitLocker recovery keys, from interception by deep packet inspection (DPI) tools while data is transmitted to the Absolute Monitoring Center.

  • Security of the CTES component has been improved by implementing stricter access controls and more secure storage for internal communication channels on macOS devices. Previously, certain temporary communication files were created with overly permissive access, which could potentially allow unauthorized local users to intercept sensitive device information. These files have been moved to protected system directories with restricted permissions to ensure only authorized processes can access the data. Severity: High

  • Security of the CTES component has been improved by moving inter-process communication files from a world-writable directory to a protected, root-owned directory on macOS devices. This change prevents potential symbolic link attacks where a local attacker could manipulate files to gain unauthorized access. Severity: Medium

  • Security of the CTES component has been improved by ensuring that cryptographic keys used for inter-process communication on macOS are generated using a non-deterministic seed. Previously, a predictable sequence was used to derive these keys, which could potentially allow an attacker to forge authenticated messages. This issue is now fixed. Severity: Medium

  • Security of the CTES component has been improved by adding a bounds check to the data serialization process. This update prevents potential data corruption and ensures the integrity of security-relevant information, such as policy configurations and device state data, when processing large data sets. Severity: Medium

Device Usage

(DUR)

 1.0.8.27

  • The DUR component has been updated to fix an issue where devices that were experiencing frequent power or session events, such as those in a reboot loop, may have stopped reporting Device Usage data.