Secure Endpoint 11.0 release notes

This topic describes the software updates included in Secure Endpoint 11.0, along with subsequent hotfixes and upgrades. In addition to the specific changes detailed here, each release also includes broader system enhancements designed to strengthen security, optimize performance, and enhance overall stability.

To view the software updates that apply to the Secure Endpoint Agent, see the Secure Endpoint Agent release notes - Version 11.0.

Depending on the Absolute product licenses associated with your account, and your Absolute data center, some of the following features, enhancements, and fixes may not be available to you.

  • March updates
  • February updates
  • Release 11.0

The following features, enhancements, improvements, and fixes were introduced in a March release of Secure Endpoint 11.0.

When configuring a policy group's Playbooks policy, you can now enable automated playbook actions (also known as Absolute Failsafe) to allow user-initiated playbooks to automatically run on devices that are not physically accessible to you or a device user.

When the Automated playbook actions setting is enabled, user-initiated Run Playbook requests are processed automatically if the device repeatedly fails to boot into Windows. You can configure the number of consecutive failed boot attempts before the playbook runs. The default is 3, but values from 3 to 5 are supported.

Note that the automated playbook actions setting only applies to devices running Secure Endpoint Agent 11.0.0.3 or higher.

Learn more

A new option, Include offline locations, is now available when the Device location device state is selected in an Action rule.

Select the Include offline locations checkbox to allow locations detected while a device was offline to be included in the rule evaluation once the device reconnects. If you leave the checkbox unselected, only the device's most recent online location is used.

Learn more

Improvements and fixes

Feature/Area Details
Absolute APIs

  • The Roles resource has been added to the Absolute API. This new resource allows you to retrieve a list of all roles associated with your Absolute account.

  • The following endpoints have been added to the Custom Fields resource:
AI Assistant

  • You can now ask AI Assistant questions about how to perform tasks in the Secure Endpoint Console. When you ask a question about using a feature or completing a task, AI Assistant searches the Help system and provides step-by-step instructions based on the relevant Help topics.

  • You can now save chart data generated by AI Assistant as a custom report for future reference.
Application Resilience

  • Application Resilience policies for BeyondTrust Jump Client now support a new default signer name, BeyondTrust Corporation, reflecting the updated signer used by the service.

  • Application Resilience policies now allow you to persist the following application versions:

    • Version 14.21.x or higher of Absolute Secure Access

    • Version 26.1.x or higher of Syxsense Responder

  • Fixed an issue where the alert message for the target application version was not shown when configuring an Application Resilience policy in Reinstall mode for Trellix Drive Encryption.
Bulk device actions

  • On the Devices from uploaded file page, the Last connected report column now shows the correct date and time. Previously, it showed each device's Last core agent connection date and time.
Chromebook support

  • Version 2.6.6.7 of the Absolute Extension for Chromebooks is now available. It adds the following improvement:

    • When new versions of the extension are released, they are now automatically installed on each Chromebook without requiring a reboot, logout, or user action.
Dashboards

  • Fixed an issue where the Application build is not empty filter was removed when saving a report from a widget that used the Applications data source. The filter is now correctly preserved in the resulting custom report.
Device Details

  • You can now refresh the event timeline on a device’s History page to display the most recent events while preserving the current date range and filter settings.

  • When you export a device's Location History page, the exported report now includes the same columns as a Location History report exported from the device's History page.

  • Previously, device details and reports displayed certain hardware values in inconsistent formats (for example, 2.00 GB vs. 2 GB). This issue is now fixed.
General

  • Previously, when viewing the following items, the dialog inherited the URL of the parent page:

    • Devices in a policy group

    • Devices that were ineligible for the Playbooks, Required Applications, or Device Compliance policy

    This issue is now fixed. Each dialog now has a unique URL.
History > Action Requests

  • If an action request can't be processed on some devices due to ineligibility, a notification now shows in the top right of the window soon after submitting the request. Click View progress in the notification to view the status of each device on the Action Requests page.

    If all devices are ineligible, click View devices to review each device's failure reason.

  • To improve the performance of the Action Requests page, up to three years of past requests are now returned when you use the Search field to filter the page. Previously, up to five years of past requests were returned.
History > Events

  • When one of the Application policy events triggers an Alert rule, the email notification now includes the name of the applicable policy group:

    • Application policy activated

    • Application policy changed

    • Application policy deactivated
Playbooks (Absolute Rehydrate)

  • To help device users run user-initiated playbooks, a green asterisk (*) is now displayed in the top left of the screen to let users know that they can begin pressing F6 (or Fn+F6, as applicable).

  • After a Restore from image playbook downloads an ISO image to a device, and the playbook runs, the ISO image is now deleted.
Reach Scripts

  • The Enable Location Services script in Settings > Script library now supports Mac devices.

ServiceNow integration

  • Version 1.2 of the Absolute Connector is now available in the ServiceNow Store. It offers the following improvements and fixes:

    • You can now submit Run Playbook requests using Absolute Remote Management.
    • Installed software data can now be automatically synced from Secure Endpoint to your ServiceNow instance.
    • When submitting an End User Messaging action, you can now select an existing message template.
    • When submitting a Cryptographic Wipe request for a Mac device in a ServiceNow instance, the interface now includes fields to enter the device's admin credentials, which are required to process the request on the device.
    • Previously, if a user was assigned the x_absr_abs_connect.absolute_device_unfreeze role, but not the x_absr_abs_connect.absolute_device_freeze role, the Remove Freeze dialog was blank. This issue is now fixed.
    • After devices have been unenrolled from the Secure Endpoint Console, ServiceNow users can now run the new Absolute Disabled Devices Scheduled Import scheduled job to update the devices' status to Disabled in their ServiceNow instance.

    For more information, see the Absolute Connector 1.2 release notes.

Features and enhancements

The following features, enhancements, improvements, and fixes were introduced in a February release on Secure Endpoint 11.0.

Previously available only through Absolute’s beta program, Device Compliance policies are now generally available based on the Absolute product licenses associated with your account.

A Device Compliance policy uses data from your Windows and Mac devices to determine their state of compliance based on conditions you set. If any of these conditions are not satisfied, devices are flagged as non-compliant. Equipped with this information, you can:

  • Track any key performance indicators (KPIs) related to the compliance of your devices

  • Initiate remedial actions on devices that become non-compliant

  • Prevent devices from accessing the corporate network if they are at risk, unhealthy, or not compliant with your organization's requirements

Learn more

When activating a policy group's Playbooks policy for the first time, you now need to configure a setting that controls how devices will handle any system restarts triggered by Playbooks policy updates.

The System restart setting is preconfigured to allow these restarts to occur whenever a Playbooks policy update requires it. If a device user is logged in, a notification is displayed, warning them that the device needs to restart. They can restart immediately, or delay the restart up to 3 times for 8 hours each time.

If this preconfiguration does not meet your needs, you can:

  • Specify a time window during which these restarts can occur

  • Change how device users can delay the system restart, or remove the delay entirely

Learn more

The following events are now logged to the Events page in the History area:

  • Application policy activated

  • Application policy changed

  • Application policy deactivated

These events are logged whenever an Application Resilience policy or a Required Applications policy is activated, modified, or deactivated. If desired, you can create an Alert rule based on any of these new events.

These new events replace App resilience policy activated, App resilience policy changed, and App resilience policy deactivated for Application Resilience policies.

Improvements and fixes

Feature/Area Details
Absolute APIs

  • The Users resource has been added to the Absolute API. This new resource allows you to create, query, update, and delete users in your Absolute account.
Agent management

  • On the Agent management page, an UNSUPPORTED label is now assigned to all agent versions lower than version 10.0, as per Absolute's Agent Version Management Policy. Previously, the label was assigned to agent versions that were released more than 18 months ago.
AI Assistant

  • Resolved a timestamp mismatch so AI Assistant now uses each device’s local time when reporting device usage, keeping results consistent with the Console.

  • Device name matching in AI Assistant queries has been improved so searches use the exact device name you provide, reducing incorrect or missing results.
API management

  • New API tokens created with the Users permission now automatically inherit the same manageable roles as the user who creates the token. The token’s manageable roles are captured at creation time and remain unchanged even if the creator’s roles change later.
Device Details

  • The unit formats (for example, 2 GB) shown in the following sections in Device Details are now consistent with those shown in device reports:

    • System information

    • CPU

    • Memory

    • Network adapters

    • Storage

  • Previously, memory information for Mac devices failed to be available in the console when the Hardware payload did not include a Memory ID. This issue is now fixed.
History > Events

  • Summaries included on the Events page now provide clickable links from application policy-related events directly to the corresponding Application Resilience or Required Applications policy pages.
License Management

  • Previously, after selecting a device and clicking Change license, the following error message may have been displayed if a product assigned your account had no licenses available: This action couldn't be completed. This issue is now fixed. The Change licenses dialog now opens as expected.
Playbooks (Absolute Rehydrate)

  • When configuring the Restore from image playbook in a Run Playbook request, the value in the Credentials field is now masked for additional security. Click the icon to show the value. Click the icon to hide it again.

    In Action History, the value in the Credentials field is now also masked, but it can't be unmasked.
Reach Scripts

  • The Enable Location Services PowerShell script has been updated as follows:

    • Fixed an issue where the script may have failed to enable Location Services, even though the Run Script request's action status was reported as Succeeded.

    • The script now contains details about its limitations and its effect on Location settings on each device. Before running this script, ensure that you review the script content carefully.
Reports
  • Exporting reports built from custom widget data that uses EDD match score or EDD risk score metrics now works reliably. Previously, exports initiated from the Reports landing page could fail with an error.

  • Fixed an issue where editing report properties with a name longer than 255 characters or a description longer than 1000 characters caused a 400 Bad Request error when saving. The Save button is now automatically disabled if these limits are exceeded, preventing invalid data from being submitted.
Rules

  • Fixed an issue where Location rules were triggered unexpectedly when the Google Maps Geolocation API returned null or mismatched values for a location's City and State IDs.

  • You can now trigger an Action rule based on a device's model.

    Action rules that are based on the Model device state are only triggered when a device is enrolled. Learn more
User Management and permissions

  • On the navigation bar, the Workflows icon was shown for user roles that were not granted permissions for Workflows. Similarly, the Vulnerabilities icon was shown for user roles that were not granted permissions for Patch vulnerabilities or Security vulnerabilities. This issue is now fixed. The icons are no longer shown.

Features at end-of-life

Absolute has retired the following feature:

Feature Details
Policies > Resilience page

  • This page has been replaced by the Policies > Application page, which allows you to perform the same actions.

The following features, enhancements, improvements, and fixes were introduced in Secure Endpoint 11.0.

Features and enhancements

You can now control the length of time users remain signed in to the Secure Endpoint Console during periods of inactivity using the Session timeout setting, allowing you to apply a consistent security policy across all users in your Absolute account. Learn more

You can now create user-defined reports based on data from Dashboard widgets that have a data source of Devices or Applications. Learn more

A new setting, Measurement system, is now available in your user profile.

To see distances in the console in feet and miles, set the setting to Imperial (ft, mi). To see distances in meters and kilometers, set it to Metric (m, km).

For existing users, the Measurement system setting is set to Metric by default. For new users, the setting is based on the time zone set in their web browser when they first log in to the console.

Note that in the current release, this setting only applies to:

  • The Geolocation Tracking > Accuracy report column
  • Distances between locations on a device's History page in Device Details

  • Distances between locations in email notifications for location-based rules

  • The radius of geofences

To update your Measurement system setting, edit your user profile.

The following event is now logged to the Events page in the History area:

  • Session timeout updated

This event is logged whenever the Session timeout setting is changed. If desired, you can create an Alert rule based on this new event.

Improvements and fixes

Feature/Area Details
Absolute APIs

  • Endpoints for the following features have been added to the EDD Configuration resource:

    • Custom EDD rules: four endpoints have been added that allow you to view, export, and import existing custom rules

    • Scan exclusions: six endpoints have been added that allow you to view and manage the files you want excluded from EDD scan results.

  • The following endpoint has been added to the Device Group Tree resource:

    • GET /configurations/devicegrouptree/nodes/{deviceGroupTreeUid}/get-devices: Get the list of devices in a device group or folder

  • To accommodate each device's time zone when using the POST /actions/requests/freeze endpoint, you can now schedule a Freeze request up to 24 hours prior to the current time. If the time has already passed in the device's time zone, the request is processed immediately.
Account settings

  • The Daily thresholds section no longer includes configurations for the actions that are not supported by the licenses associated with your account.
AI Assistant

  • The following enhancements have been made:

    • Improved handling of device-related time-range questions so AI Assistant more reliably interprets relative dates (for example, “last n days” or “n days ago”), supports additional time fields, and treats weeks as Monday to Sunday instead of Sunday to Saturday.

    • Improved AI Assistant’s application usage analytics so that average usage across multiple devices is now calculated more reliably.

    • Improved AI Assistant responses related to anti-malware protection status and geolocation data.

    • You can now change or undo your thumbs up/down rating on AI Assistant responses and submit feedback of up to 4,000 characters.

    • You can now resize the AI Assistant chat box.

  • The following issues have been fixed:

    • AI Assistant now understands the current date and year context, so answers to time-based questions are more relevant.

    • AI Assistant no longer includes devices in Vietnam when listing devices in ITAR countries, ensuring the ITAR country list is accurate.

    • In the Add to dashboard dropdown, you can now scroll both up and down so that all items, including those at the top of long lists, are visible and selectable.

    • AI Assistant now correctly answers the default question “How many unique devices are at risk and why are they at risk?” without returning a system error.

    • AI Assistant now correctly recognizes questions that use “platform type” as equivalent to “OS type”, returning consistent device data for both queries.

    • When users select English regional locales (for example, "English (Norway)") in their profile, the AI Assistant now consistently responds in English and correctly maps locales to the appropriate supported language variant.
Applications

  • The Policy Group, Policy Name, and Application filters in the Application Compliance report now accept typed text when you choose operators like contains, begins with, or ends with. This enhancement makes it easier to find report items using partial names.

  • Improved the performance of application compliance queries so the results load faster, especially for large data sets.

  • Fixed an issue in certain application-related pages and reports where custom (non-default) Application Compliance columns disappeared after applying a filter.
Application Resilience

  • Application Resilience policies now allow you to persist the following application versions:

    • Version 14.12.x or higher of Absolute Secure Access

    • Version 5.1.11.x or higher of Cisco Secure Client

    • Version 25.8.x or higher of Citrix Workspace

    • Version 6.2.5.x or higher of Qualys Cloud Agent

    • Version 25.10.x or higher of Syxsense Responder

    • Version 11.0.2.x or higher of Tenable Nessus Agent

  • Application Resilience policies for Microsoft Defender for Endpoint now support different ZIP file names for onboarding scripts, allowing you to upload separate packages for different policy groups without any naming conflicts.

  • Fixed an issue where Syxsense Responder could fail to reinstall if multiple versions were present on a device. The system now correctly detects and uses the latest installed version, preventing unnecessary reinstall attempts.
Chromebook support

  • Version 2.6.6.5 of the Absolute Extension for Chromebooks is now available. This version adds Chromebook support to the UK1 data center and adds an improvement that helps the Absolute Investigation team track stolen devices using key captures.
Custom Data

  • The limit of 1000 data points per account has been removed.
Dashboards

  • Dashboards now load widgets only when you open each dashboard, instead of pre-processing every dashboard during startup. This change improves initial dashboard loading performance, especially for environments with many dashboards and widgets.
Device groups

  • If you are assigned to two or more static permission groups, you can now use the (Add devices) action to move devices between these groups.

  • You can now remove devices from a static permission group that you're assigned to.
Device Usage

  • For devices running macOS 14.8.2 or higher, the SSID is no longer missing or redacted in Lock and Unlock events reported on each device's Usage page.
Hardware

  • If a device's detected memory size is empty or null, or the field is missing from the payload, memory information is no longer shown on the device's Hardware > Memory page.
History > Action Requests

  • Fixed an issue on the Action Requests page where the Unenroll action status could show as Succeeded in the pie chart but Completed in the device table. The status is now consistent and correctly displayed as Completed across both the chart and the table.
License Management

  • Previously, if some product licenses were expired, attempts to change the assignment order on the License Assignment Settings page may have failed. This issue is now fixed.

  • Fixed an issue where some licensed devices were showing as unlicensed in the Secure Endpoint Console.

  • Previously, in the license usage chart, the In use and Available portions of a bar may have been incorrectly positioned. This issue is now fixed.

  • Fixed an issue where repeatedly enabling and disabling license enforcement for an account could prevent License updated on device events from being logged in Event History.
Manage Supervisor Password

  • Previously, when using a bulk request to submit the Manage Supervisor Password action for multiple device, the request failed to be processed if the devices were all Supervisor Password version 2.x, but their minor versions were different. This issue is now fixed.
Messages

  • You can now edit the label on the Submit button in an End User Message template. The label is limited to 14 characters (no spaces).
Playbooks (Absolute Rehydrate)

  • After a user-initiated Run playbook request is processed on a device, a new passcode is now automatically generated in preparation for the next request. The new passcode is shown on a device's Summary page in Device Details.

  • Fixed an issue where the passcode for a device's user-initiated Run Playbook request could differ from the passcode shown on the device's Summary page after the device's passcode was changed. The updated passcode is now shown in both locations.

  • The request date that is included in the default name of a Run Playbook request is now based on the user's profile time zone instead of UTC.
Reports

  • When exporting a report to Excel (.xlsx) file format, the report is now automatically exported in CSV file format when the report includes more than 1 million rows. Reports of this size are not supported in Excel.

  • When scheduling a report to be sent in Excel (.xlsx) file format, the report is now automatically sent in compressed CSV file format when the report includes more than 1 million rows. Reports of this size are not supported in Excel.
Rules

  • Action rules based on a Custom Data data point now support data point values that include a decimal point.

  • Previously, when an Action rule was based on the Domain device state, the rule may have failed to be triggered when a device was re-enrolled (Domain changed from null to a value). This issue is now fixed.
Secure Endpoint Agent

  • To help you troubleshoot agent upgrade issues, the following messages may now be displayed when you hover over a icon in the Agent version field (or report column):

    • Failed to uninstall component
    • Component failed to communicate with the server
    • Component uninstallation requires device reboot

    Learn more

Script library

  • The Upload files to network shared folder (WC_UploadFilesToSharedFolder.ps1) script has been updated to add a security enhancement.
Utilities

  • The readme file included in the Network Diagnostics Tool download package now includes the hostnames associated with the following console login URLs:

    • cc.in1.absolute.com

    • cc.uk1.absolute.com
Windows support

  • The Secure Endpoint Agent now supports Windows Server 2022 Datacenter Edition. Note that the following features aren't supported on this platform:

    • The detection of installed anti-malware applications

    • Device Wipe

    • Geolocation tracking

    • Playbooks (Absolute Rehydrate)