Secure Endpoint 10.1 release notes

This topic describes the software updates included in Secure Endpoint 10.1. In addition to the specific changes detailed here, each release also includes broader system enhancements designed to strengthen security, optimize performance, and enhance overall stability.

To view the software updates that apply to the Secure Endpoint Agent, see the Secure Endpoint Agent release notes - Version 10.1.

Depending on the Absolute product licenses associated with your account, some of the following features, enhancements, and fixes may not be available to you.

  • November updates
  • Release 10.1

The following features, enhancements, improvements, and fixes were introduced in the November release of Secure Endpoint 10.1.

Features and enhancements

If your organization manages multiple client or site accounts, you can now simplify access to the Secure Endpoint Console by using a single set of credentials for all Absolute accounts through a pan-tenant login configuration. This setup is particularly useful for Managed Service Providers (MSPs) that support numerous clients, or for enterprises that maintain separate accounts for different business units, regions, or subsidiaries. Learn more

  • When submitting a Run Playbook request, the following playbooks are now available for selection:

    • Run script from file: remotely run a batch (.bat) or PowerShell (.ps1) script that is stored on a server or a file hosting service. The playbook provides an alternative to the existing Run script playbook.

      Learn more

    • Multi-operations: combine actions from the following playbooks into a single Run Playbook request:

      • Run script

      • File operations (add or delete)

      • Set/remove registry keys

      Learn more

  • When a device is provisioned or deprovisioned, or the Absolute Bootloader is updated, device users can now postpone each required restart for 8 hours (instead of 2). They can also postpone each restart up to 3 times.

Improvements and fixes

Feature/Area Details
Absolute APIs

  • The following resources have been added:

    • Geolocation: The Geolocation resource allows you to view, enable, or disable settings that control which geolocation technologies are used to collect location information from the devices in your account.
    • EDD Reporting: The EDD Reporting resource allows you to get information about the sensitive or at-risk file content residing on your devices.
    • Perform EDD Scan: The Perform EDD Scan resource allows you to request an on-demand scan of a group of devices using each device's Endpoint Data Discovery (EDD) policy configuration.
    • EDD Configuration: The EDD Configuration resource allows you to query and configure the Endpoint Data Discovery (EDD) policy for each policy group in your account.
AI Assistant

  • The AI Assistant now provides an accurate response when asked what types of questions it can or cannot answer.

  • The AI Assistant can now provide details about how to contact Absolute Technical Support.

  • When a response includes a chart, you can now export the chart's data to a report.
Applications

  • You can now filter the Application Compliance report by Device group, making it easier to view compliance data for specific groups of devices.

  • Fixed an issue where the compliance status for CrowdStrike Falcon could show differently between the Application Resilience report and the Application Compliance report. Both reports now consistently display the correct compliance status for the application.
Application Resilience

  • Resolved an issue where health checks for Microsoft Defender Antivirus could fail if the required PowerShell module was not loaded. The fix now ensures the module is loaded before execution, improving health check reliability.

  • Application Resilience policies for VMware Workspace ONE now support a new default signer name, Omnissa, LLC, reflecting the transition from VMware to Omnissa.

  • Application Resilience policies for versions 4.4, 4.6, and 4.8 of Cisco Secure Client have been updated to skip health checks for higher versions when the Report higher versions as Compliant option is selected.

  • Fixed an issue where clicking an Application Resilience policy link in the Application Compliance report redirected users to the wrong panel. Policy links now correctly open the intended application policy panel for easier navigation.
Bulk device actions

  • If an uploaded serial number matches a device record for both a Disabled device and an Active device, the Disabled device is now ignored, and the Active device is included in the bulk action.
Chromebook support

  • A new Chromebooks report column, Auto-update through, is now available. It replaces the Chromebooks > Auto-update expiration column, which has been deprecated by Google.

    The Auto-update expiration column is still available in device reports, but it will be removed in a future release.
Custom Data

  • The maximum number of data points (Default and Custom) per account has increased from 100 to 1000.
Dashboards

  • When creating or editing a widget with a line chart, the Field (line) field is now labeled Series. This field is now optional when the data source is Devices or Applications, enabling you to create charts that are strictly date-based. In these date-only charts, each line’s tooltip displays only the date and the aggregated value (for example, device count).

  • When exporting widget data that is based on the Devices data source, and the Metric field is set to either EDD match score or EDD Risk score, the EDD column in the exported report no longer erroneously contains "(average)".

  • Fixed an issue where some users encountered a console error due to missing filter information in certain dashboard widgets created through AI Assistant questions. This update ensures that missing data no longer causes the page to crash.
Device Details

  • On a device's History page, a runtime error may have occurred when using the data picker to filter Action events for a specific date range. This issue is now fixed.

  • If users try to access custom data point creation screens in the console via a URL, and they do not have the necessary permissions, they will now see a clear "Unauthorized" message.

  • Fixed an issue where the Last updated field for Custom Data Points in Device Details showed times in UTC instead of the user's local timezone. The field now correctly displays the last updated time based on the user profile's timezone.

  • Fixed an issue where device details and usage would not load in the console in specific environments. This update ensures device information now loads correctly without requiring users to clear their browser cache.

  • Fixed an issue where clicking a device name link in custom reports from the Applications tab resulted in a 404 error. Device details pages now load correctly when accessed from these reports.
Device re-enrollment

  • Previously, when a device was unenrolled, the following pending or in progress requests were immediately canceled on the device, but not on the server:

    • Freeze requests

    • Offline Freeze requests created by an Offline Freeze rule

    • Remove Freeze requests

    If the device was later re-enrolled, the canceled request was unexpectedly reapplied to the device.

    This issue is fixed. The requests are now canceled on the server.

    This improvement only applies to devices unenrolled after the November release of Secure Endpoint 10.1.

  • Previously, when a frozen device was unfrozen by an Unenroll Device request, the device's Device Details page incorrectly showed a Frozen status alert banner if the device was later re-enrolled. This issue is now fixed.

  • The Reported Missing status (if assigned) has been removed from all unenrolled devices. This prevents the status from being automatically reassigned if the device is later re-enrolled.
Endpoint Data Discovery

  • A device's existing EDD scan data failed to show in the Match Score Summary report if the device was moved to a new policy group with an activated Endpoint Data Discovery policy. This issue is now fixed.

  • Fixed an issue where users could not scroll to view all custom rules on the EDD Rules page. You can now scroll through the full list of custom rules on this page.
Full-disk encryption

  • Resolved an issue where the encryption status for FileVault 2 could be incorrectly reported as Encrypted, even when key details (Algorithm and Key size) were missing. The system now properly handles cases where these fields are null, ensuring accurate encryption reporting.
History > Actions

  • When exporting a Cryptographic Wipe request, the exported report now includes a Certificate column that contains the internal identifier of the certificate.
History > Action Requests

  • On the Action Requests page, clicking a link in the Identifier column failed to open the device's Device Details page. A Resource not found error message was displayed instead. This issue is now fixed.
History > Events

  • Fixed an issue where clicking the Event History link after creating, updating, or deleting a supervisor password led to a 404 error. The link now correctly takes users to the Events page, where the relevant event is shown.
Language support

  • When a new user first logs in to the console, and the Secure Endpoint Console doesn't support the web browser's preferred language, English (United States) is now automatically applied. Users can update their preferred language in their user profile.
License management

  • For accounts with site licenses or Enterprise License Agreements, the Total quick filter in the license summary area of the Products report showed the number of Base licenses in use, instead of the total active Base licenses associated with the account. This issue is now fixed.
Playbooks
  • Previously, when running a File operations (add file) playbook, the file failed to be added to the device if a file with the same file name (without a file extension) already existed in the target folder. This issue is now fixed. The added file overwrites the existing file.
Reports

When creating a custom report from any device group, all the same filter and column options are now available as in the All Devices page. This update ensures device group reports have access to the full set of fields, making them consistent with standard device reports.
Rules
  • For the Set cooldown period option in Action rules, the maximum value has increased from 4 days to 30 days.
  • Previously, if you changed the name of a Custom Field that was being used in an Action rule configuration, the name was not updated in the rule. This issue is now fixed.
Settings

  • The redundant word “settings” has been removed from titles and menus for the Account, Authentication, and Chromebook settings pages. This change is intended to streamline the interface and make navigation clearer only — no functionality is affected.
User Management and permissions

  • The Users page and the Assigned Users tab within the Roles page — both located in the User management area — have been redesigned to match the look and feel of the rest of the console, ensuring a more consistent experience.

The following features, enhancements, improvements, and fixes were introduced in Secure Endpoint 10.1.

Features and enhancements

To limit the impact of a bad actor, a misconfiguration, or human error, System Administrators can now set a maximum total number of actions that can be submitted per day for an account.

Each supported device action has its own setting, which is set to the following value recommended by Absolute, but this value can be customized:

Device action Daily threshold default value

Delete File

 500

Freeze

 500

Remove Freeze

 100,000
Run Playbook 500
Run Script 20,000

Send Message

 100,000
Unenroll Device 100,000

Wipe

 500

All settings are enabled by default, with the exception of the Remove freeze action.

The daily threshold applies to actions submitted in the console, the Absolute API, or by an Action rule.

After the daily threshold is reached, new requests can't be submitted unless the user's user role is granted the new Account Threshold Configurations permission, and they choose to override the threshold.

Learn more about setting daily thresholds for actions


  • The following enhancements have been added to user-initiated playbooks:
    • A banner now shows in Device Details when a user-initiated playbook has been requested for the device. The device's Playbook passcode can be viewed in the banner.

    • In Action History, you can now track the progress of Run Playbook requests for user-initiated playbooks. The device's Playbook passcode is also shown.

      Status updates are available on the following console pages:

      • Device Details > Actions

      • History > Action Requests

      • History > Actions

    • When a Run Playbook request for a user-initiated playbook has been processed on a device, one of the following events is now logged to Event History:
      • Playbook failed
      • Playbook completed
    • When a new Run Playbook request causes a pending user-initiated playbook to be replaced by a new user-initiated playbook, a Playbook replaced event is now logged to Event History.
  • The following enhancements related to device eligibility have been added:

    • When adding the Playbooks > Status column to a device report, you can now also add a Playbook > Status details column. This column contains additional information to help you troubleshoot devices with a Playbooks status of Not supported or Not enabled. Learn more

      Status details are also shown on a device's Details > Summary page. To view the details in a tooltip, hover over the icon in the Playbooks field.

    • When viewing a policy group in the Policies > Policy Groups area, a icon now shows next to the Playbooks policy when any of the policy group's devices are not eligible to run playbooks. You can click the icon to view a report that includes the Playbooks > Status and Playbook > Status details report columns. Learn more
    • If Secure Endpoint Agent version 10.0.0.2 or lower is assigned to a policy group, you can no longer activate the policy group's Playbooks policy (activation slider is grayed out), because the policy group's devices are not eligible to run playbooks.

    • To help troubleshoot ineligible devices, you can now add the following report columns to any device report:

      • Boot Info >

        • Boot Order Locked
        • Microsoft 3rd Party UEFI CA
        • Secure Boot
      • TPM >
        • Activated
        • Enabled
        • Owned
        • Spec Version

    Learn more about troubleshooting Playbooks ineligibility

  • When submitting a Run Playbook request, a warning banner now shows on the Run playbook dialog if Secure Boot is disabled on one or more devices.
  • If a Run Playbook request is in progress on a device when the device's Playbooks policy is deactivated, a Playbook canceled event is now logged to Event History.
  • When submitting a Run Playbook request for a playbook that contains multiple actions, you can now change the execution order of the actions. Drag and drop actions to change their sequence in the list. Learn more
  • Dual approval limits are now supported for Run Playbook actions.

Installer files uploaded during Application Resilience policy configuration are now automatically scanned for malware at the time of upload and on a weekly basis. If the scan detects a potential threat, administrators are notified and can approve or delete the file. Unaddressed threats are automatically deleted after seven days. This enhancement helps ensure files are safe before they are used in policies or deployed to devices. Learn more

Programmatic token rotation allows you to replace your API tokens before they expire without the need for manual intervention in the Absolute console. When this option is enabled in a token's settings, you can use integration scripts or direct API calls to programmatically manage the token's lifecycle via the Absolute API. Learn more

The following endpoints have been added to the Absolute API to support programmatic token rotation:

  • GET /v3/configurations/tokens/{tokenID}: Retrieve information about a token using its token ID

  • POST /v3/configurations/tokens/{tokenID}/rotate: Retire the current token using its token ID and create a new token to replace the retired token

The following events are now logged to Event History:

  • Playbook replaced
  • Playbook canceled
  • Account-level daily threshold updated
  • Over threshold action request approved
  • Rule-triggered action hit the account threshold
  • Installer file uploaded
  • Installer file approved
  • Installer file deleted
  • Installer file scan succeeded
  • Installer file scan not completed
  • Installer file scan detected threats
  • API token superseded
  • API token disabled
  • API token reactivated

If desired, you can create an Alert rule based on any of these new events.

To support the new features and enhancements introduced in this release, the following permission has been added:

  • Account Threshold Configurations

This permission has been granted to the appropriate default roles. For example, System Administrators are granted Manage capabilities for this permission. To grant this permission to any custom roles you've created, update each role's permissions.

Improvements and fixes

Feature/Area Details
Absolute APIs

  • The following resources have been added:

    • Geofence: The Geofence resource allows you to query the geofences that exist in your account. You can also create and delete geofences.
    • Tokens: The Tokens resource allows you to view or rotate the API token that you use to authenticate calls to the Absolute API.
    • Action Thresholds: The Action Thresholds resource allows you to query and update your account's daily action threshold settings.
  • The following resources were updated to support the new daily action threshold settings:
    • Freeze
    • Reach
    • Wipe
    • Unenroll
    • Messaging
    • File Delete
    • Playbook
AI Assistant

  • Previously, if your question included one or more special characters, an incorrect response or the following error message was returned:

    We were unable to submit your request due to a system problem. Please try again.

    This issue is now fixed.
API management

  • When creating an API token with asymmetric encryption, you can now download a token file containing details such as the token's name, description, and ID. For security reasons, the private key is not included in the file.

  • You can no longer delete an API token in edit mode. To delete a token, hover over the token on the API management page and click the icon.
Applications

  • When the overview pane was displayed to the right of the work area on the Application Summary page, refreshing the page caused the overview pane to close. This issue is now fixed.
Application Resilience

  • Application Resilience policies for BeyondTrust Jump Client now support version 24.3.2.x or higher, including the ability to upload the installer as an MSI file.

  • Specifying the location of application binary files is now optional when configuring Application Resilience policies for Ivanti Endpoint Manager. This change allows for greater flexibility in policy setup; however, if the location is left blank, the Repair feature will be unavailable.

  • Application Resilience policies no longer support the following applications:

    • Dell Advanced Threat Prevention

    • Dell Data Guardian

    • SmartEye

    • Plurilock CloudCodes

    • IMTLazarus Agent

    • Unowhy MDM

    • NetSfere
Chromebook support

  • Version 2.6.6.4 of the Absolute for Chromebooks extension is now available. This version fixes an issue where a Freeze or Send Message request may have failed to be processed on the device, in some rare cases.
Device re-enrollment

  • Previously, when a device was unenrolled, any device action requests that were pending or in progress were immediately canceled on the device, but not on the server. If the device was then re-enrolled, the device action request was unexpectedly reapplied to the device.

    This issue is now fixed for the following device actions:

    • Delete file
    • Perform EDD scan
    • Report missing
    • Run script
    • Send message
    • Wipe

    This improvement only applies to devices unenrolled after the release of Secure Endpoint 10.1.
History > Events

  • When an Unenroll Device request cancels one of the following device actions, an <Action> failed event is now logged with a failure reason of Device is unenrolled:

    • Delete file
    • Perform EDD scan
    • Run script
    • Send message
    • Wipe

  • When a device that has been reported missing is unenrolled, a Missing device unenrolled event is now logged. The device is also removed from the Missing Devices page in the Devices area.
License management

  • In the license summary area, clicking the device count next to the Unlicensed bar may have caused some quick filters to be grayed out. If the user then clicked the Unlicensed quick filter, the wrong filter may have been applied to the results grid. These issues are now fixed.
Mac support

  • macOS 13 has reached end of support by Apple. It is no longer officially supported by the Secure Endpoint Agent.
Playbooks

  • Previously, Set/remove registry keys playbooks failed to remove registry key values of the following types:

    • REG_BINARY

    • REG_MULTI_SZ

    This issue is now fixed.
User Management and permissions

  • The Dashboard Security permission, which is obsolete, has been removed from the Permissions page in the Roles area.
Windows support

  • Windows 10 has reached end of support by Microsoft. It is no longer officially supported by the Secure Endpoint Agent.
Wipe