Absolute 7.23 Release Notes

This topic describes the software changes included in Absolute 7.23. It also describes the changes included in all hotfixes since the release of Absolute 7.22.

This release introduces performance, security, data integrity, and usability improvements that enhance the responsiveness, reliability, and ease of use of the system. It also introduces enhancements, improvements, and fixes to existing features and functionality.

To view the software changes introduced in this release that apply to the Secure Endpoint Agent, see the Secure Endpoint Agent release notes: Version 7.23.

Depending on the Absolute product licenses associated with your account, some of the following features, enhancements, and fixes may not be available to you.

Features and enhancements

The Device Details page has a new History tab. The History tab allows you to view a device's events over a particular period of time. The following types of events are available:

  • Location updated events
  • User updated events
  • System updated events
  • Rule triggered events
  • Action events

Learn more

When viewing the Application Resilience dialog from the Policy Groups area, you can now search for an application by name, as well as hide your inactive policies.

Learn more

Application Resilience policies, which collect information about the functional status of third party applications installed on your Windows devices, now support the following applications:

You can now persist the following application versions:

  • Trellix Endpoint Security Agent (formerly FireEye Endpoint Agent) 35.31.x or higher
  • Trellix ePolicy Orchestrator version 5.7.8.x or higher

All newly added applications and versions support file hosting.

When the application Status for BitLocker, Microsoft Intune, and Microsoft SCCM is Not compliant, most of the Status details messages have been improved to make them easier to read.

In addition, the Status details messages for successful repairs and reinstalls on all applications have also been improved to make them easier to read.

The following events are now logged to the Events page in the History area:

  • Device unenrolled by refurbish partner
  • Missing device unenrolled by refurbish partner

Features at end-of-life

In this release, Absolute completes the retirement of all remaining Classic functionality from the Secure Endpoint Console. Specifically, the following features are no longer available:

Feature Details
Alerts (create and edit)

In preparation for the retirement of the Classic Alerts feature, you can no longer create or edit alerts. To view your existing alerts, click the Go to Classic Alerts page link at the bottom of any page in the Rules area.

We strongly encourage you to take some time now to evaluate your existing alerts, create custom rules for the alerts that you want to keep, and then delete each alert. For more information, see the Instructional Guide.

The Classic Alerts feature will be completely retired in the next release.
Classic Reports

All remaining Classic reports have been retired and they are no longer available. As a result, you'll notice the following changes to the console:

  • In the Reports area, the link to each Classic report has been removed from its respective report category, and the Go to the Classic Report page link is no longer available at the bottom of each page.
  • The icon, which provided links to the Call History and Device Location History reports, has been removed from each device's Device Details page.

Also note that a device's Device Summary page, which you could open from any Classic device report, is no longer available.
Classic device groups

Classic device groups have been retired. To create a new device group, create a static device group or a smart device group.

About existing Classic device groups

Each Classic device group in your account has been converted to a static device group. Note that all device groups will retain their current name and will continue to reside in the Classic Groups folder in the Device Groups area in Assets. Similarly, the [Classic Group] prefix will continue to be prepended to the group's name.

In the User Management area, users that were assigned to a single Classic device group will now be assigned to the corresponding static device group. Permissions on the devices in the device group will remain unchanged.
Classic role Classic Role permissions are no longer relevant and have been removed from the User Management area. As a result, you no longer need to select a base role when creating a custom role. Learn more
Classic Software Policies Software Policies have been retired and are no longer accessible from the Policy Groups sidebar in the Policies area.
System Notifications

These Classic features have been retired and are no longer available in the Settings area.

With the retirement of the Classic Account Settings area, you can now assign Service Guarantee licenses to your devices by simply updating each device's Has Service Guarantee Device Field to Yes.
Disable Pre-authorizations
Import / Export
Classic Account Settings
Classic SIEM Connector

The Classic SIEM Connector is no longer supported.

To view and analyze Absolute events in a Security Information and Event Management (SIEM) solution, set up an integration between the two systems using the Absolute SIEM Connector.

Absolute has retired the following features:

Feature Details
Android support

The Secure Endpoint Agent for Android is no longer supported and all existing Android devices have been unenrolled from their respective Absolute accounts.

As a result, device data for Android devices is no longer available in the Secure Endpoint Console. Specifically, the following console pages, reports, and items have been removed:

  • Android Vulnerability page in Device Details
  • Android Vulnerability report
  • Android Vulnerability report filters in device reports
Software reports

In a recent 7.22 hotfix, the Software policy and its associated reports and pages were retired. As a result, the following items are no longer available in the console:

  • Software policy in the Policy Groups area

  • The following reports:

    • Devices with Cloud Storage Software
    • Software Licenses on Windows devices
    • Software Overview report
    • Software Reporting Data
  • The Software > Status report column in device reports
  • Software page in a device's Device Details

To collect information about the software installed on your devices, activate the Installed Applications policy. You can review the collected information on the Applications page in the Assets area, the Installed applications report, and a device's Applications page.
Absolute API v1

Version 1 of the Absolute API is no longer supported.

To directly access Absolute functionality and data without using the Secure Endpoint Console, use Absolute API v3.

Improvements and fixes

Absolute 7.23 introduces the following improvements and fixes:

Feature/Area Details
Secure Endpoint Agent
  • On devices running macOS 13, the Secure Endpoint Agent intermittently failed to connect to the Absolute Monitoring Center until the device was restarted. This issue is now fixed.
Absolute APIs
  • Following the release of 7.22, the Device Reporting API did not always return the deviceFreezeActionStatus.score parameter. This issue is now fixed.
  • In some cases, the Device Reporting API didn't return the deviceFreezeStatus.passCode and deviceFreezeStatus.displayPasscode parameters for users with the Remove Freeze permission and did return the parameters for users without the Remove Freeze Permission. This issue is now fixed.
  • Message content in Freeze requests and Send Message requests is now validated and any HTML tags or attributes that may expose Absolute servers or agents to injection attacks, such as cross site scripting (XSS), are automatically removed.

  • The following parameters have been added to the GET /reporting/devices-advanced and GET /reporting/devices endpoints:

    • rnrActivTrak: An object containing information about the Application Resilience policy for ActivTrak Agent
    • rnrAvast: An object containing information about the Application Resilience policy for Avast Antivirus
    • rnrBUFFERZONE: An object containing information about the Application Resilience policy for BUFFERZONE Security
    • rnrDellSupportAssistBusiness: An object containing information about the Application Resilience policy for Dell Support Assist for Business PCs
    • rnrHPTechPulse: An object containing information about the Application Resilience policy for HP TechPulse
    • rnrNetSfere: An object containing information about the Application Resilience policy for NetSfere
    • rnrOctopus: An object containing information about the Application Resilience policy for Octopus Desk
    • rnrSymantecMA: An object containing information about the Application Resilience policy for Symantec Management Agent
Anti-Malware

  • The following anti-malware applications are now detected when they're installed on a Mac device:

    • Cisco Secure Endpoint, version 1
    • Microsoft Defender for Endpoint, version 101
  • Non-ASCII characters are now displayed correctly in application names.
Applications
  • Previously, when a Guest User attempted to view the Applications page in the Assets area, a 404 - Resource Not Found error occurred. This issue is now fixed.
Application Resilience
  • In some cases, the Repairs and Reinstalls widget failed to load. This issue is now fixed.

  • The following Application Resilience policies have now been updated:

    • Absolute Secure Access

      • Policies for Absolute Secure Access have been updated to refine the health check on the Absolute Secure Access Packet Filter (nmfilter.sys) driver.
      • Policies for Absolute Secure Access now check for NetMotion Software, Inc, NetMotion Software, Inc., and Absolute Software Corp. as signers for the services being monitored for health checks. In addition, you can also configure additional signers in the policy.

      Learn more

    • Cisco Umbrella Roaming Client

      Policies for Cisco Umbrella Roaming Client now check for Cisco Systems Inc., CISCO SYSTEMS, INC., and CISCO SYSTEMS as signers for the services being monitored for health checks. In addition, you can also configure additional signers in the policy. Learn more

    • CrowdStrike Falcon

      Policies for CrowdStrike Falcon version 6.x or higher now check for CrowdStrike, Inc. and Microsoft Windows Hardware Compatibility Publisher as signers for the services being monitored for health checks. In addition, you can also configure additional signers in the policy. Learn more

    • FireEye Endpoint Agent

      Policies for FireEye Endpoint Agent have been renamed Trellix Endpoint Security Agent.

    • Forescout SecureConnector

      Policies for Forescout SecureConnector have been updated with the following changes:

      • The wording has been updated to clarify that the permanent deployment type is used to determine if the application is Compliant
      • In some cases, if an earlier version was installed on the device, the RAR component would report the wrong version of the application. This issue is now fixed.

    • FortiClient Fabric Agent

      Policies for FortiClient Fabric Agent now allow you to upload or configure the location of the MST file.

    • FortiClient VPN

      Policies for FortiClient VPN now check for Fortinet Technologies (Canada) Inc. and Fortinet Technologies (Canada) ULC as signers for the services being monitored for health checks. In addition, you can also configure additional signers in the policy. Learn more

    • Ivanti Endpoint Manager

      Policies for Ivanti Endpoint Manager version 10.1.x now check for LANDesk Software, Inc. and Ivanti, Inc. as signers for the services being monitored for health checks. In addition, you can also configure additional signers in the policy. Learn more

    • Kaseya Agent

      Policies for Kaseya Agent now check for Kaseya Corporation and KASEYA HOLDINGS INC. as signers for the services being monitored for health checks. In addition, you can also configure additional signers in the policy. Learn more

    • Malwarebytes Endpoint Agent

      Policies for Malwarebytes Endpoint Agent now check for Malwarebytes Inc and Malwarebytes Inc. as signers for the services being monitored for health checks. In addition, you can also configure additional signers in the policy. Learn more

    • Microsoft Defender for Endpoint

      Policies for Microsoft Defender for Endpoint now check for Microsoft Corporation and Microsoft Windows Publisher as signers for the services being monitored for health checks. In addition, you can also configure additional signers in the policy. Learn more

    • Microsoft Intune

      Policies for Microsoft Intune have been updated with the following changes:

      • Policies no longer check to see if the following tasks have been created:

        • Schedule #1 created by enrollment client
        • Schedule #2 created by enrollment client
        • Schedule #3 created by enrollment client
        • Schedule to run OMADMClient by client
      • Policies no longer check the MDM Discovery URL.
      • Policies now repair the Intune Management Extension service if it is selected in the policy configuration.

    • Qualys Cloud Agent

      Policies for Qualys Cloud Agent now check for Qualys, Inc and Qualys as signers for the services being monitored for health checks. In addition, you can also configure additional signers in the policy. Learn more

    • Sophos Endpoint Protection

      Policies for Sophos Endpoint Protection no longer check the Sophos AutoUpdate Service (ALsvc.exe) for version 2022.x or higher.

    • Symantec DLP

      Policies for Symantec DLP now check for Broadcom Inc and Symantec Corporation as signers for the services being monitored for health checks. In addition, you can also configure additional signers in the policy. Learn more

    • Symantec Endpoint Protection

      • Policies for Symantec Endpoint Protection version 14.2.x or higher have been updated to check an additional location for the sms.dll binary file.
      • Policies for Symantec Endpoint Protection version 14.2.x or higher no longer check for the Symantec Endpoint Protection Local Proxy Service (ccSvcHost.exe) or the LPSSvc.dll binary file.

    • Trellix ePolicy Orchestrator

      Policies for Trellix ePolicy Orchestrator version 5.7.8.* or higher now check for McAfee, Inc. and MUSARUBRA US LLC as signers for the services being monitored for health checks. In addition, you can also configure additional signers in the policy. Learn more

    • Trend Micro Apex One Security Agent

      Policies for Trend Micro Apex One Security now check for Trend Micro, Inc. and Trend Micro as signers for the services being monitored for health checks. In addition, you can also configure additional signers in the policy. Learn more
Authentication
  • Messaging has been added to signin.absolute.com and signin.us.absolute.com to notify users that the page will be retired in a future release. If you have bookmarked either of these URLs, update your bookmark to use the alternate URL provided in the message.
Chromebook support

  • The deployment instructions for configuring settings in the Google Admin console have been updated. The following two URLs should be added to the URL blocking field:

    • chrome://kill
    • chrome://hang

    Learn more

Dashboard
  • You can now search for devices in the Dashboard using Identifier and Chromebook Annotated Asset ID. You can no longer search by Operating System.
Device Details

  • The Usage tab in Device Details has been updated with the following changes:

    • The Usage tab now shows Logout and Lock events, in addition to Login and Unlock events. These events are only recorded for Windows and Mac devices.
    • The Usage tab now shows a Username column, which shows the user that was logged in during each Login, Logout, Unlock, and Lock event.

    Learn more

Device Usage
  • On a Mac device, the Device Usage background process no longer triggers a malware warning in Cisco Secure Endpoint.
File Delete
  • When NoMAD Login is installed on a device running macOS 13, you can now successfully log in to the device after a Delete All Files wipe has been completed.
Freeze
  • When submitting a Freeze request, you can now click Select All or Clear to update the list of events shown in the Events field under Send status updates.
  • Previously, if the requester's name for a Freeze request includes a special character, such as ø, the status of the request failed to update beyond Pending. This issue is now fixed.
  • Freeze message content is now validated and any HTML tags or attributes that may expose Absolute servers or agents to injection attacks, such as cross site scripting (XSS), are automatically removed.
  • Previously, in some rare cases, the reported status of a frozen device may have appeared to revert to a previous status even though the device was still frozen. This issue is now fixed.
  • If a pending On-demand Freeze request requires Dual Approval, a Pending Approval link now shows in the request's status banner in Device Details.

  • Following the release of ABS 722:

    • The Requester field in the Device Freeze Status report was changed to display the last name of the requester instead of the username of the requester. The Requester field has been changed back and displays the username again.
    • The default length of the unfreeze code was changed from 8 digits to 6 digits. To increase security, the default value has been reverted to 8 digits.

    • Status changes to Freeze and Remove Freeze requests were not logged to the following pages in the console:

      • Event History page in a device's Device Details
      • Event History report in the Reports area

      This issue is now fixed.

  • Files stored on a frozen Windows device can no longer be accessed from a network share.
  • On frozen devices running macOS 10.15, the Freeze message no longer fails to be displayed, and entering the device's unfreeze code successfully unfreezes the device.

  • Previously, while a Mac device was processing a Freeze request, a blank screen was displayed for up to 40 seconds before the Freeze message appeared. The blank screen also occurred when unfreezing a device. This issue is now fixed.

    This fix only applies when a single user is logged in to the device. If multiple users are logged in, the blank screen still shows.

  • Previously, when a Chromebook was unfrozen by a Remove Freeze request, it may have triggered multiple email notifications and logged multiple events to Event History. This issue is now fixed.
History > Events

  • A disk's media type, such as Fixed hard disk media or Removable media, is now included in the Summary information for the following events:

    • Disk added
    • Disk removed

    You can also specify a media type when you create a rule based on either of these events.

  • For the following events, the name of the refurbishment center division is now provided instead of the email address of the technician:

    • Refurbishment Succeeded
    • Refurbishment Failed
Investigations

  • On the Reported Stolen page in the Assets area:

    • The Agent status column is now a default column.
    • When you open a closed theft report by clicking its Report ID, the report's Closed Date is now shown.
  • You can now successfully change the activation status of an Investigation Report Contact. Previously, clicking the Active/Inactive slider triggered the following error: Cannot process this request for this account.
Messages
  • Message content is now validated and any HTML tags or attributes that may expose Absolute servers or agents to injection attacks, such as cross site scripting (XSS), are automatically removed.
Reach Scripts
  • Previously, the Windows Update Configuration Reach script did not work on Windows 11 devices. This issue is now fixed.
  • Previously, the Upload files to Dropbox, Upload file to FTP server, or Upload file to network shared folder Reach scripts didn't support special characters in the file path. This issue is now fixed.
Reports

  • The statuses that show in the Firmware Persistence > Status report column have been updated. The Awaiting Call status has been removed while Deactivated and Unknown statuses have been added. View status definitions

    This change also applies to the Firmware Persistence status field in Device Details.

  • The Activation report has been updated with the following changes:

    • The default filter now also includes Agent status is Inactive in order to include devices that have been activated at the factory but have not yet called in to the Absolute Monitoring Center
    • The IMEI column is no longer included by default
  • Previously, when you used the Platform type filter in reports, platforms that were no longer supported in the Secure Endpoint Console appeared as possible values. These values have been removed.
  • If you removed all the columns from a report, using Reset to default did not restore the defaults unless you refreshed the browser. This issue is now fixed.
Rules
  • A Window's device's keyboard customizations are no longer removed when an Offline Freeze rule is deployed to the device.
  • An activation slider has been added to each Offline Freeze rule on the Rules page, allowing you to activate or deactivate a rule without opening it.
  • Following the release of Absolute 7.22, if you moved a frozen device from a policy group with an Offline Freeze rule to a policy group without, and then submitted a Remove Freeze request, the device was unfrozen, but the rule failed to be removed from the device. This issue is now fixed.

  • For Location rules, the list of countries included in the ITAR Prohibited Countries option has been updated as follows:

    • Countries added: Cambodia, Ethiopia, Russia, South Sudan
    • Countries removed: Liberia, Rwanda, Sri Lanka, Vietnam, Yemen
Wipe
  • If VMware Workspace One is running on a Windows device, its services are now stopped before the device is wiped to ensure that encryption keys are not backed up.
  • Previously, a Wipe request may have failed to be processed on a Mac device because multiple volumes were erroneously detected after an OS upgrade. This issue is now fixed.