Secure Endpoint 11.1 release notes

This topic describes the software updates included in Secure Endpoint 11.1, along with subsequent hotfixes and upgrades. In addition to the specific changes detailed here, each release also includes broader system enhancements designed to strengthen security, optimize performance, and enhance overall stability.

To view the software updates that apply to the Secure Endpoint Agent, see the Secure Endpoint Agent release notes - Version 11.1.

Depending on the Absolute product licenses associated with your account, and your Absolute data center, some of the following features, enhancements, and fixes may not be available to you.

Features and enhancements

The following features, enhancements, improvements, and fixes were introduced in Secure Endpoint 11.1.

You can now visualize and analyze logged events data directly in Customizable Dashboards.

With the new Events data source, you can build widgets that track event activity over selected time ranges and filter results by attributes such as event type or device.

Use these widgets to monitor trends and gain deeper visibility into event activity across your account. You can also turn widget data into custom reports for easier sharing and analysis.

The following enhancements related to the Playbooks (Absolute Rehydrate) feature are now available:

  • To provide more accurate status reporting, the following statuses have been added to the Playbooks field (in Device Details) and the Playbook > Status report column:
    • Pending: the Playbooks policy is activated, but device provisioning is still in progress. A reboot may be required to complete provisioning.
    • Deprovisioning: the device's Playbooks policy has been deactivated and device deprovisioning is in progress. A reboot may be required to complete deprovisioning.

    When either of these statuses is shown, the Playbook > Status details report column now shows Waiting for reboot.

  • When device provisioning is unsuccessful, the Playbooks > Status details report column now contains additional failure reasons to help you troubleshoot the issue. One or more of the following reasons may now show:
    • Authentication key missing
    • BIOS settings check failed
    • Bootloader generic error
    • Bootloader not activated
    • Currently unable to determine if device supports playbooks
    • Insufficient disk space to download recovery file
    • Insufficient permissions to install recovery file
    • OS check failed
    • OS does not meet minimum requirement
    • Persistence check failed
    • Persistence not activated
    • Persistence not fully enabled
    • Persistence not supported
    • Platform not supported

    • TPM check failed

    • TPM does not have endorsement key available
    • TPM not activated
    • TPM not owned
    • TPM not enabled
    • TPM version not 2.0 or higher
    • Unknown error

    Learn more about troubleshooting device provisioning

  • You can now enable the Full Disk Encryption Status policy to collect BitLocker recovery keys and store them in the Absolute database. If your devices are encrypted by BitLocker Drive Encryption, we recommend enabling this option. In a future release, you will be able to use a variable to populate a playbook's BitLocker recovery key field using the stored recovery keys.

    Learn more

    Note that for security reasons, the collected recovery keys are not shown in the console. You can confirm that recovery keys were collected by adding the Encryption > Last BitLocker key change column to a report or by reviewing that field on a device's Summary page. Learn more

The following events are now logged to the Events page in the History area:

  • Application installed

  • Application updated

  • Application uninstalled

These events are logged whenever an Installed Applications policy reports a change in an application’s lifecycle on a device.

In addition, the following existing events have been renamed for consistency:

  • App resilience remediated is now Application remediated

  • App resilience remediation failed is now Application remediation failed

If desired, you can create an Alert rule based on any of these new or updated events.

Improvements and fixes

Feature/Area  
Absolute APIs

  • The Application Resilience resource has been added to the Absolute API. This new resource allows you to export and import Application Resilience policies between policy groups or accounts. It includes the following endpoints:

  • The following enhancements have been added to the Geofence resource:

    • In addition to custom geofences, you can now use the POST endpoint to create location geofences and super fences.
    • You can now use the GET endpoint to query all geofences and super fences for your account.

    The Manage permission for Geofences is now required to use the POST and DELETE endpoints, while the View permission is required to use the GET endpoint. To add these permissions, you'll need to create a new API token. You can't add a permission to an existing API token.

  • In the Freeze resource, unfreeze codes now support:

    • Alphabetical characters (a-z, A-Z) in addition to numerals

    • Passcodes up to 20 characters in length
AI Assistant

  • AI Assistant now correctly filters geolocation details from its answers for users who do not have the required permissions. If a user requests restricted location data, AI Assistant provides a clear notification regarding the permission limitation instead of referencing the restricted fields.

  • You can now cancel an active prompt in AI Assistant while it is processing, allowing you to stop the current response and immediately start a new request. When a prompt is stopped, a Retry button becomes available to resubmit the request if needed.

  • Fixed an issue where AI Assistant did not display the total count of devices or records in its response when the user locale was set to Japanese.
Applications

  • The values that show in the Application Compliance > Status details column have been updated to ensure that they are consistent across Application Resilience and Required Application policies.

  • By default, the Application Compliance report is now sorted by application version in addition to policy name and device name.

  • Fixed an issue where the Application Compliance > Status updated column displayed an incorrect timestamp when an application's compliance status changed. The report now correctly reflects the date and time of the most recent status update.

  • Previously, when viewing application details for a device from the Application Summary page, and the error Check failed showed, the reasons for the failed health check may not have been displayed correctly. This issue is now fixed.

  • Fixed an issue where Application Resilience was unable to distinguish between a missing application and a health check failure. Health check errors are now correctly identified and reported.
Application Resilience

  • Application Resilience policies now allow you to persist the following application versions:

    • Version 26.x or higher of Teramind Agent

    • Version 25.11.x or higher of Citrix Workspace

    • Version 5.1.16.x or higher of Cisco Secure Client

    • Version 6.4.1.x or higher of Qualys Cloud Agent

    • Version 11.1.2.x or higher of Tenable Nessus Agent

    • Version 4.8.x or higher of Zscaler Client Connector
Authentication

  • The following login pages have been deprecated, meaning you can no longer use them to log in to the Secure Endpoint Console:

    • signin.absolute.com
    • signin.us.absolute.com

    A link to each data center's active login page is provided on the deprecated page.
Dashboards

  • The widget settings interface now features a grouped drop-down menu for Data source selection, replacing the previous button-based layout.

  • The Dark devices widget on the Asset management and At risk dashboards has been updated to display a single total count of dark devices over time. By removing the chart's Series dimension, the widget now provides a clearer high-level view of endpoint connectivity trends.
Device Details

  • To improve the accuracy of hardware reporting, the Secure Endpoint Console now uses a more comprehensive data field to populate the Processor number in a device's Details page. This update ensures that processor information is correctly displayed for a wider range of endpoint configurations.

  • In the Actions toolbar, device actions, such as Wipe and Run Script, are now grayed out in the following scenarios:

    • The device's assigned license doesn’t support the action

    • The action is not supported on the device's operating system

  • Event timestamps on the History tab and the Location History tab now include the user’s time zone.

  • Fixed an issue where the Primary Technology report column was left blank in an exported Location History report when IP location was the only available technology. The column now correctly displays IP Location, and all address report columns now show Not Available.

  • Fixed an issue where the History page in Device Details incorrectly displayed street addresses for IP location updated events. These events now display only the city, state or province, and country.
Endpoint Data Discovery

  • To improve usability and provide consistency with other areas of the console, the user interface of the following EDD-related pages has been updated:

    • Endpoint Data Discovery Rules page in the Policies area Learn more

    • Create EDD rules page accessed from the Endpoint Data Discovery Rules page Learn more

    • Configure Endpoint Data Discovery scan page in a policy group Learn more

    • EDD Summary page in a device's Device Details Learn more

  • The Personal Health Information (PHI) rule now uses the latest version of the National Institutes of Health Medical Subject Headings (MeSH) thesaurus, expanding coverage for medical and health terminology while reducing misclassifications. In addition, the rule now handles date values more efficiently and reliably, improving performance of EDD reports.

    For EDD policies that include the PHI rule, these updates will not be applied until the next scheduled EDD scan.

  • Previously, customers with a large device inventory may have experienced slow performance and potential timeouts when viewing the Devices with At-Risk Files in Cloud report. By optimizing the underlying query, this issue is now fixed.
Freeze

  • Unfreeze codes now support:

    • Alphabetical characters (a-z, A-Z) in addition to numerals

    • Passcodes up to 20 characters in length

  • RealVNC can no longer be used to gain remote access to a frozen device.
History > Events

  • The History > Events page has been updated to a new version that provides improved performance and a more streamlined viewing experience. You can now click any row on the page to open a sidebar that displays detailed property changes for that event, with changed properties prioritized at the top for easier review. This update also includes enhanced filtering and export capabilities, allowing for more granular visibility into system and device events.
License Management

  • For new accounts, an error message may have been displayed the first time you clicked License assignment settings. This issue is now fixed.
Playbooks (Absolute Rehydrate)

  • When configuring a policy group's Playbooks policy for the first time, the System restart setting is now preconfigured as follows:

    • Time window of 12 a.m. to 6 a.m. (local device time)

    • Device user can delay the restart once for 2 hours

    Learn more

  • The Initiated by field is now shown in the request overview of a Run Playbook request on the following console pages:

    • History > Actions

    • Actions tab in Device Details

  • If the agent version assigned to a policy group does not support a particular Playbook policy configuration, the configuration is now grayed out and the following message is displayed:

    A newer version of Absolute agent is available for additional features.

  • On the Playbook configuration page, when a user selected the Restart device automatically after updates option, but did not enable a time window or delayed restarts, the device restarted without warning the device user. This issue is now fixed. A restart notification is now displayed stating that a restart will begin in 10 minutes.
Reach Scripts

  • The following PowerShell scripts are now available in the Script library:

    • Intune connection management utility for Windows devices

    • Absolute recovery image deployment utility

Reports

  • Fixed an issue where Application Resilience and Application Compliance reports incorrectly displayed a status of Drive not encrypted for devices with suspended BitLocker protection. The reports now accurately reflect this state with the status detail BitLocker protection suspended.

  • When exporting a report that includes the Geolocation technology > Accuracy column, the measurement system (Imperial or Metric) configured in your user preferences is now shown in the exported report.
ServiceNow integration

  • The Absolute Connector for ServiceNow is now supported in the following data centers:

    • cc.in1.absolute.com

    • cc.uk1.absolute.com

    If your account is in one of these data centers and you use ServiceNow® IT Service Management (ITSM) to manage your devices, you can now set up an integration with Absolute Secure Endpoint using the Absolute Connector. This integration gives ServiceNow users real-time access to Absolute asset data for computers with out-of-date or inaccurate data in the CMDB. Users can also perform select Absolute security actions, such as Freeze and Run Script, directly from your ServiceNow instance. Learn more
Windows support

  • The Secure Endpoint Agent now supports Windows Server 2025 Datacenter Edition. Note that the following features aren't supported on this platform:

    • The detection of installed anti-malware applications

    • Device Wipe

    • Geolocation tracking

    • Playbooks (Absolute Rehydrate)