Secure Endpoint 8.0 release notes

This topic describes the software changes included in Secure Endpoint 8.0.

This release introduces performance, security, data integrity, and usability improvements that enhance the responsiveness, reliability, and ease of use of the system. It also introduces enhancements, improvements, and fixes to existing features and functionality.

To view the software changes introduced in this release that apply to the Secure Endpoint Agent, see the Secure Endpoint Agent release notes: Version 8.0.

Depending on the Absolute product licenses associated with your account, some of the following features, enhancements, and fixes may not be available to you.

Features and enhancements

We've added a number of enhancements to the Secure Endpoint Console to improve usability and introduce a more modern look.

Highlights

You'll notice the following changes when you log in to the console:

  • The navigation bar now uses a more accessible color scheme.
  • The Search Devices field has been moved from the Dashboard to the navigation bar.
  • The Assets area is now the Devices area, and Applications has been promoted to its own link on the navigation bar.
  • The Policies and History links now contain sublinks, which are collapsed by default. The sublinks replace the tabs that were previously available in each area.
  • The Settings link has been moved to the bottom of the navigation bar, and clicking or hovering over Settings now opens a fly-out menu. You can also access your user profile and log out from this menu.
  • Icons have been added to the device action options, such as Freeze and Wipe, in device reports and a device's Device Details area.

(Report toolbar)

(Device group toolbar)

  • In reports, most options have been moved from the icon to a new action toolbar, which is displayed in the top right of the page. An action toolbar is also available in the Device Groups area. Hover over an icon in the toolbar to view its associated action.

    The icons available in the toolbar vary depending on the report or page you're on.

  • The quick access toolbar now contains two global action icons instead of five:

    To upload a file of device identifiers and perform an action, click (Upload device list) on the toolbar.

    To perform the actions that are no longer available on the toolbar, do the following:

    • To add an item, go to the applicable area in the console and click the "Create" button next to the quick access toolbar. For example, to add a new rule, go to Policies > Rules and click Create rule.
    • To import data, go to Settings > Custom fields > View and edit device fields.
    • To view the maintenance schedule, go to (Help and Support) > Resources > Maintenance and release schedule.
    • To access your user profile, click Settings and click your username.
All pages now include a page title, which is also shown on the browser tab.

  • Endpoint Data Discovery (EDD) supports three new operators:

    • //: Use this operator to match files using a regular expression.

      Learn more

    • @FILENAME: Use this operator to match files with a specific name pattern, including a file extension.

      Learn more

    • @SHA256: Use this operator to match files based on their SHA256 file content hash.

      Learn more

    Use the three new operators on their own, or combine them with other operators.

  • New error messages for syntax errors

    In some cases, the UI now provides an error message when a syntax error occurs. For example, if you add the @FILENAME or @SHA256 operators without including quotation marks, the UI displays Double quotes are required for "@FILENAME" and "@SHA256" expressions.

  • Permissions

    Previously, if a user was assigned to a role with Manage permissions for Device Groups and the user was assigned to a single device group, the user could only view the device group that they were assigned to. Now, all users can view all device groups and folders, and if a user's role has Manage permissions for Device Groups, the user can manage all device groups and folders. Depending on the role's other permissions, the user may be able to make changes that affect devices that do not belong to their assigned device group.

    With this change, users assigned to a single device group may be able to perform actions that affect devices that they cannot see.
    Learn more

  • Moving device groups

    Previously, when you created device groups, it was important that you carefully outlined the folders and device groups that you intended to use because device groups couldn't be moved. Now, as long as you are moving a folder or device group into one of the supported parent-child configurations, you can move device groups after they have been created.

    Learn more

  • Folders

    Previously, there were two types of folders, default folders or a roll up folders. A default folder was a traditional folder that contains a collection of folders and device groups. A roll up folder was a folder that provided visibility into a collection of folders and device groups.

    There is now only one type of folder. All folders allow you to see all device in the collection.

  • Redesigned interface

    Device Groups has been redesigned and now has a more modern and user-friendly interface.

    Highlights

    • Device groups are now located in the Devices area
    • Device groups now have the same filter structure as other areas of the console, such as the All Devices page
    • Managing device groups is now done from a common action toolbar

  • On a device's History page, the overview dialog for a Location updated event now shows location information from all geolocation technologies available on a device. The most reliable technology is reported as the primary location, while other technologies are secondary. Primary and secondary locations are shown on the map.

    More detailed location information is also available in the overview dialog, such as:

    • The estimated accuracy of a location
    • The SSID and BSSID of nearby Wi-Fi access points. You can download the list of access points.
    • The device's IP location, and the Internet Service Provider (ISP) associated with it
    • The approximate distance a secondary location is from the primary location

    Secondary location information is also included when you export the History page and in email notifications for an Unexpected location change rule.

    Learn more

    Location updated events that occurred prior to the release of Secure Endpoint Agent 8.0 do not include secondary location information.

  • When creating an Unexpected location change rule, you can now include a map in email notifications by selecting the new Show device location on map option. The map shows the device's primary location, any secondary locations, and defined geofences, if applicable. Learn more

  • In the Summary area of the History > Events page, the following properties are now shown when you click a location associated with a Device location updated event:

    • Technology
    • Latitude and longitude associated with a secondary technology

    Learn more

    You can also use these properties to filter the list of events.

Scheduled Freeze is now supported on Chromebook devices running version 2640 or higher of the Absolute for Chromebooks extension.

If the Chromebook device is running a lower version of the Chromebook extension, the scheduled date is ignored and the device is frozen the next time it connects to the Absolute Monitoring Center.

Learn more

To support the new features and enhancements introduced in this release, the following permissions have been updated:

  • Device Groups - Manage permissions

    Previously, if a user was assigned to a role with Manage permissions for Device Groups and the user was assigned to a single device group, the user could only view the device group that they were assigned to. Now, all users can view all device groups and folders, and if a user has Manage permissions for Device Groups, the user can manage all device groups and folders. Depending on the roles other permissions, the user may be able to make changes that affect devices that do not belong to their assigned device group.

    Learn more

  • Users - Manage permissions

    Previously, if a user was assigned to a single device group, that user could only assign another user to the device group they were assigned to. Now, if the user has Manage permissions for Users, the user can assign other users to any device group except for All active devices.

These changes mean a user can may be able to perform actions that affect devices that they cannot see.

The following parameters have been added to the GET /reporting/devices-advanced and GET /reporting/devices endpoints:

  • rnrCarbonBlackEDR: An object containing information about the Application Resilience policy for VMware Carbon Black EDR Sensor
  • rnrHALCYONAR: An object containing information about the Application Resilience policy for Halcyon Anti Ransomware
  • rnrJumpCloudAgent: An object containing information about the Application Resilience policy for JumpCloud Agent
  • rnrSYXSENSE: An object containing information about the Application Resilience policy for Syxsense Responder
  • rnrTAEGIS: An object containing information about the application Resilience policy for Secureworks Taegis Agent
  • rnrTRUSTDELETE: An object containing information about the Application Resilience policy for OneBe TRUST DELETE

The following parameter description has been changed for the GET /reporting/devices-advanced and GET /reporting/devices endpoints:

  • rnrANYCONNECT: Cisco AnyConnect Secure Mobility Client has been renamed Cisco Secure Client. The description of the parameter has been updated to include the new application name.

  • The following parameters from the GET /reporting/devices-advanced and GET /reporting/devices did not return values so they have been deprecated:

    • activeDirectoryData: An object containing information about the device's Active Directory data
    • bssId: The Basic Service Set Identifiers (BSSID) of the current wireless access point
    • networkSSID: The Service Set Identifier (SSID) of the connected Wi-Fi adapter

  • The following parameter from the request body schema of the PUT /configurations/customfields/devices/{deviceUid} endpoint has been deprecated:

    • cdfFieldKey: The system-defined unique identifier assigned to the Device Field for the specified device. This parameter was used as an alternative identifier in Classic Absolute when cdfUid was not defined.

    This change allows users to provide a value for a Device Field on a device when the Device Field hasn't been previously set. If the parameter is included in the payload, it is ignored.

Learn more

In preparation for agent communications using IPv6 networks, new local and public IPv6 address fields have been added to the Secure Endpoint Console in the following areas:

  • History page in Device Details: IPv6 address fields in the event overview section for Location updated events
  • Pages and reports: IPv6 address columns that can be added to pages and reports
  • Events page in the History area: IPv6 address properties in System information updated events

  • Exported reports: IPv6 address columns for reports that contain local or public IP addresses, such as Device Usage and Device Analytics

In addition, the local IPv6 address is now displayed in the Local IP address column below the IPv4 address, if the local IPv6 address is available.

The Secure Endpoint Agent and the Absolute for Chromebooks extension are not yet configured to connect to the Absolute Monitoring Center using an IPv6 network. The IPv6 fields have been added in preparation for IPv6 agent communications. On Windows and Mac devices, the new public IPv6 fields will not contain any data at this time and the new local IPv6 fields may be populated depending on your network configuration. For Chromebook devices, none of the new IPv6 fields added will contain any data. Consider these limitations when using IPv6 fields for creating and filtering reports, filtering devices in smart groups, and setting up custom rules.
IPv6 agent communications will be available in a future release.

Improvements and fixes

Absolute 8.0 introduces the following improvements and fixes:

Feature/Area Details
Secure Endpoint Agent
Anti-Malware

  • The following applications are now detected when they're installed on a Windows device:

    • Avast Antivirus version 23
    • Trellix Endpoint Security version 10
  • Crowdstrike Falcon version 7 is now detected when it's installed on a Mac device.
Application Health
  • In some cases, the version number of an installed application was not reported. This issue is now fixed.
  • On Mac devices, the Health Status of a healthy application is now reported as Healthy instead of Unknown.
  • The publisher of Symantec Endpoint Protection is now reported as Broadcom instead of Symantec.
Applications
  • On Windows 11 devices, all applications downloaded from the Microsoft Store, such as Microsoft Photos, are now reported.
Application Resilience
  • The Application Resilience policies on the Policies tab of a device's Device Details page now have the same behavior as other policies. The status icon now only appears when the policy is enabled and data has been collected from the device. Learn more
  • In some cases, the installer that is uploaded or provided for an Application Resilience policy doesn't match the target version configured in the policy. This can cause the RAR component to continuously reinstall the application. To help prevent this problem, the configured target version now appears as a reminder when you upload the installer or provide the location of your installer.

  • The following Application Resilience policies have now been updated:

    • BitLocker

      • Policies for BitLocker have updated wording to better describe the behavior of the Encrypted Drives selections. All Other Fixed Drives has been changed to All Other Local Drives.
      • In some cases, the script used to check the health of BitLocker returned an error in Status details that was difficult to understand. This type of error message has been improved.

    • CrowdStrike Falcon

      Previously, if a device had multiple versions of CrowdStrike Falcon installed, policies for CrowdStrike Falcon didn't always report the most recent version. This issue is now fixed.

    • ManageEngine Desktop Central

      Previously, some newer versions of ManageEngine Desktop Central showed as uninstalled even when the application was correctly installed and running. This issue is now fixed.

    • Microsoft Intune

      Policies for Microsoft Intune can now attempt to repair Microsoft Intune if the Windows Recovery Environment Status is disabled.

      Learn more

    • Microsoft SCCM

      Customers can now chose to remove health checks for more of the SCCM-related components. You can now choose to remove the health checks for Assigned site, Domain attribute, and Management point

      Learn more

    • Rapid7 Insight Agent

      In some cases, policies for Rapid7 Insight Agent were unable to download the installer. This issue is now fixed.

    • Sophos Endpoint Protection

      When configuring a policy for Sophos Endpoint Protection for version 2022.1.x or higher, you are now reminded that you must disable Tamper Protection in your Sophos Endpoint Protection configuration in order to successfully use the Report, repair, and reinstall option.

      Policies for Sophos Endpoint Protection version 2022.1.x or higher now check for Sophos Limited; and Sophos Ltd; as signers for the services being monitored for health checks. In addition, you can also configure additional signers in the policy. Learn more

    • SparkCognition EPP

      Policies for SparkCognition EPP now check for SparkCognition and SparkCognition, Inc as signers for the services being monitored for health checks.

      Learn more

    • Tanium

      Policies for Tanium attempt to uninstall the application before reinstalling it. Previously, if the RAR component was unable to uninstall Tanium, the reinstall process failed. Now, the RAR component attempts to reinstall Tanium even if the RAR component failed to uninstall Tanium.

    • Tenable Nessus Agent

      Previously, policies for Tenable Nessus Agent could not reinstall some versions of Tenable Nessus Agent. This issue is now fixed and all version of Tenable Nessus Agent can be reinstalled.

      Note that downgrades are still not supported.

    • WinMagic SecureDoc

      Policies for WinMagic SecureDoc now support version 9.x or higher.
Authentication

  • To improve security, strong passwords are now mandatory. Any console users with a weak password will be required to reset their password before they can log in to the Secure Endpoint Console.

    This change does not apply to accounts that use a third party IdP for authentication to the console.
Chromebook support
  • If the sync with your Google account fails, the System Administrators on your account receive an email to notify them of the failure.

  • A new Chromebook extension has been released. The new extension has the following improvements:

    • The Absolute for Chromebooks extension now supports Manifest Version 3 (MV3). MV3 brings improvements to security, performance, and reliability.
    • When you create a Send Message request that requires a user response, date fields in the response have date format validation, ensuring that dates are returned in the correct format.

    A pop-up will appear when geolocation data is collected. This is the expected behavior.
Dashboard
  • The Search Devices field has been moved from the Dashboard to the navigation bar. Note that you can no longer search by a device's Make or Model.
Devices

  • The following links on the Devices sidebar now show their respective device count:

    • All Devices
    • Missing Devices
    • Reported Stolen
Device Details
  • The Usage tab in Device Details now shows Sleep, Wake, and Shutdown activities. These activities are only recorded for Windows and Mac devices. Learn more

  • The History tab in Device Details has been updated. You can now:

    • Search for a specific event using event keywords
    • Download the Certification of Sanitization from completed Cryptographic Wipe and Delete File (Delete All Files) events
    • Download the log file for Delete File events

    • Use the Find this event on other devices button to open History > Events with the event type used as a filter Learn more

    Also see Geolocation enhancements.
Device groups

  • Previously, the Device Freeze status filter contained values that were unsupported (Freeze Requested, Frozen by Policy, Freeze Pending, Unfreeze Requested, Scheduled Freeze Pending). These values have been removed. If you have smart groups filtered using these values, the device group now contains an invalid filter. Edit the device group's filter to remove the invalid values. Note that because the filter didn't match any values, the devices included in device groups with an invalid filter were not affected by this change.

    To filter your smart group using these types of values, use Device Freeze conditions.
Device Usage
Freeze

  • To improve security, the unfreeze code is now masked on the following pages and reports:

    To show the unfreeze code, click . To hide it again, click .

    Note that when the unfreeze code is exported in a report, it is not masked.
Hardware data collection
  • In some cases, information about the cellular modem on a Windows device was not available in the console. This issue is now fixed.
  • When a USB to ethernet adapter is connected to a Mac device, the adapter's details are now reported in the device's network adapter information.
  • Previously, Mac devices with an M1 or M2 chip may have showed an incorrect value (Intel) in the CPU > Architecture field. This issue is now fixed. One of the following values now shows: ARM, ARM x64, or ARM x86 - x64.
History > Events

  • For some device action events, the following date and time enhancements have been added:

    • The Date column now shows the date and time when the event occurred on the device, not the date and time when the event was uploaded to the Absolute Monitoring Center.
    • The Summary area now includes a Reported date, which is the date and time when the event was uploaded to the Absolute Monitoring Center.

    These enhancements apply to Freeze, File Delete, Run Script, Send Message, and Wipe events only, and only to those events that occur on a device.

  • When events of the following types occur on a device, the Date column now shows the date and time when the Secure Endpoint Agent detected that the information changed, not the date and time when the updated information was uploaded to the Absolute Monitoring Center:

    • Hardware events
    • Anti-malware events
    • Encryption events
    • Geolocation events

      • Learn more

  • In the Summary area:

    • If fewer than four properties were updated as a result of the event, the events are listed in the Summary area and the More... link is no longer shown.
    • A device's serial number now shows in parentheses after the device name.
    • The scheduled date and time for Freeze and Message requests is now appended with (Device local time).

    • The text used to describe an event has been improved to remove the grammatical inconsistencies and make the events more readable. Also, each property update is now presented in a separate sentence.

      For example:

      [email protected] successfully executed the remove freeze request DeviceFreeze-88 on Laptop (VMHhGFSGHmYc). Freeze request name is Freeze-<Date>. Device freeze type is On Demand. Reported date is <Date, Time>. More...
  • Previously, in some cases, a Disk updated event was logged for a hard drive serial number change when no change had occurred. In addition, if a rule was based on this event, a false alert was sent. This issue is now fixed.
History > Actions
  • When the Absolute API (v3) was used to submit a File Delete request, the following text may have been displayed in the request's File Delete Settings: Overwrite the data NaN times. This issue is now fixed. The text shows 1, 3, or 7, instead of NaN.
Reach Scripts
  • If a Run Script request is being processed on a Mac device when it receives a second Run Script request, the second request now waits for the first to complete instead of failing.
Reports
  • Previously, if you updated the sort order in a large report before you exported it, the export may have failed. This issue is now fixed. A report's default sort order is now reapplied before it is exported. To sort the data in the exported report, use the sort feature in a spreadsheet application (e.g. Excel).
  • Device Usage report: Absolute accounts with a very large number of devices can now successfully schedule the report.
  • Reporting Data: the "within last" and "not within last" filter conditions have been added to the Scan date field.
  • Web Usage (7 Days) report: when viewing web usage for a website, you can no longer use a "not" filter condition, such as "does not contain", to filter the report by device group.

  • When you apply the Local IP Address is not empty filter to a device report, devices showing "No data" for Local IP address are no longer included in the filtered report. This fix also applies to Public IP addresses.

  • If you add the Application column to the Installed Applications report and then export the report, the column now shows the normalized application name instead of the application's internal identifier.

  • Previously, the Device Freeze status filter contained values that were unsupported (Freeze Requested, Frozen by Policy, Freeze Pending, Unfreeze Requested, Scheduled Freeze Pending). These values have been removed. If any of your user-defined reports are filtered by these values, the report now contains an invalid filter. Remove the invalid filter and filter by the Device Freeze conditions filter instead.
Rules
  • When the first geolocation payload was uploaded from a device after the Geolocation Tracking policy was activated, a location change rule may have erroneously triggered an alert because the device's location changed from Null or Empty to a location. This issue is now fixed.
SIEM integration
  • The SIEM Connector installer is now packaged in a zip file that includes a checksum file containing the SHA-256 hash for the installer.
Utilities

  • The Network Diagnostics Tool has been updated to support all Absolute data centers.

    To test network connectivity of your Windows devices, we recommend that you download and run the new version of the tool. Learn more