Secure Endpoint release notes - Version 9 hotfixes

In addition to monthly security updates, this topic describes the software changes included in all hotfixes since the release of Secure Endpoint 9.0.

To view the software changes that apply to the Secure Endpoint Agent, see the Secure Endpoint Agent release notes - Version 9 hotfixes.

Depending on the Absolute product licenses associated with your account, some of the following features, enhancements, and fixes may not be available to you.

July 2024 improvements and fixes

Feature/Area	Details
Absolute APIs	The following parameter has been added to the `customFields` object in the GET /reporting/devices-advanced and GET /reporting/devices endpoints: `cdfFieldName`: the name of the Device Field
Application Resilience	Some health checks that are used to check compliance run PowerShell scripts. To prevent any antivirus programs or execution policies from blocking these scripts, the PowerShell scripts used for the following applications are now signed by Absolute: BitLocker Drive Encryption BlackBerry CylancePROTECT Forescout SecureConnector Microsoft Defender Antivirus Microsoft Defender for Endpoint Microsoft Intune Symantec DLP
Applications	The following areas of the console now show information about the anti-malware (for example, Windows Defender) and full disk encryption (for example, BitLocker Drive Encryption) products installed on Windows devices: Applications page Installed Applications report Applications page in Device Details Previously, theses products were only shown when the Include Health data option was selected in each device's Installed Applications policy.
Device groups	Previously, when a smart group used a Custom Field filter to define group membership, the filter may not have been applied correctly. This caused some devices that didn't satisfy the filter criteria to become members of the group. This issue is now fixed.
History > Actions	When you click the background of a completed Run Script action to view the request overview, the Return code field now shows 0 instead of Unknown.
Unenroll Device	Previously, an Unenroll Device request may have failed to be processed if it was submitted using the Upload Bulk Device File feature. This issue is now fixed.

June 2024 improvements and fixes

Feature/Area	Details
Actions (New!)	The Actions page in the History area has been renamed Action Requests and a new Actions page has been introduced. The new Actions page shows all device actions by device. Actions improves searching and filtering the actions that are part of each request. For example, you can now search for all actions on a single device or for all actions that have an action status of Completed. Learn more
Application Resilience	Application Resilience policies now support VMware Workspace ONE versions 23.x or higher. Learn more When configuring Application Resilience for some applications, such as Microsoft SCCM and Ivanti Secure Access Client, an additional configuration file may be required. Following the release of Secure Endpoint 9.0, clicking Upload File didn’t allow you to select and upload the configuration file. This issue is now fixed. Previously, the RAR component A lightweight software component of the Secure Endpoint Agent that detects the status of third party applications installed on a device. The component may also attempt to repair the third party application if it is non-compliant. The RAR component is deployed on a device only when the device is associated with a customized policy group and that policy group's Application Resilience policy is activated. was checking the wrong file path for 32-bit installations of Symantec Endpoint Protection version 14.2.x or higher. This issue is now fixed. The following Application Resilience policies have been updated: McAfee Drive Encryption Policies for McAfee Drive Encryption have been renamed to Trellix Drive Encryption and support Trellix Drive Encryption versions 7.4.`x` or higher Learn more FortiClient VPN Policies for FortiClient VPN now check for the FortiClient (FortiClient.exe) file as part of the health checks. Learn more
Chromebook support (New!)	If you use http://cc.eu2.absolute.com to log in to the Secure Endpoint Console, Chromebook devices are now supported. You can now do the following: Add your Google account to the Secure Endpoint Console and select the OUs containing the Chromebook devices you want to sync with the Secure Endpoint Console. Deploy the Absolute for Chromebooks extension to your Chromebook devices and manage your Chromebook devices, including device actions. Sync Chromebook specific information from the Google Admin console into the Secure Endpoint Console.
Device actions	For accounts with Absolute Resilience licenses, device action deployment is now accelerated. The following device actions are now sent to Windows and Mac devices within minutes of the request being submitted, assuming the devices are online: Freeze Remove Freeze Delete File Wipe Run Script Send Message Perform EDD scan Manage Supervisor Password (Windows devices only) Unenroll This enhancement applies to device action requests submitted from the Secure Endpoint Console or the Version 3 API. If Absolute Resilience licenses are not associated with your account, device actions are sent to devices within 15 minutes of the request being submitted.
Device Details	A new Actions page has been added to Device Details. The Actions page shows all of the actions that have been requested on a device. Learn more
Freeze	Previously, when you submitted a Remove Freeze request for a Chromebook device, and the device was successfully unfrozen, its Freeze Status remained set to Frozen in the console. In some rare cases, the issue also occurred on Windows and Mac devices. This issue is now fixed.
Geolocation Tracking	When a Windows device returns an invalid OS location (accuracy=10,000 meters), the location is now ignored and the device's IP location is reported as its location.
Investigations	When submitting a theft report for a device, the device’s UUID was displayed on the Investigate stolen device page instead of its device name, serial number, username, make, and model. This issue is now fixed.
License Management (version 2)	Previously, when you clicked View devices in the unlicensed devices banner, and then exported the displayed report, the exported report included all active devices. This issue is now fixed. The exported report now includes unlicensed devices only.
Missing devices	Previously, if you attempted to update a device’s email contact on the Missing Devices page, the Report missing devices dialog failed to open. This issue is now fixed.
SIEM integration	A new version of the SIEM Connector is available for download from the Secure Endpoint Console. To improve performance, SIEM Connector 3.0 now uses version 3 of the Absolute API instead of version 2. If SIEM integration is enabled for your account, ensure that you upgrade to SIEM Connector 3.0 at your earliest convenience. Learn more All prior versions of the SIEM Connector will stop working when version 2 of the Absolute API is retired in early 2025.

May 2024 improvements and fixes

Feature/Area	Details
Application Health	Previously, when one of the following applications was detected on a device, the application may have been listed twice in application reports: CrowdStrike Falcon FileZilla Microsoft Office Professional Plus 2016 This issue is now fixed.
Application Resilience	In some cases, when the RAR component A lightweight software component of the Secure Endpoint Agent that detects the status of third party applications installed on a device. The component may also attempt to repair the third party application if it is non-compliant. The RAR component is deployed on a device only when the device is associated with a customized policy group and that policy group's Application Resilience policy is activated. encountered a PowerShell error while repairing some applications, the RAR component would recreate a service with an invalid service name. This issue has been fixed for Aranda Agent, BeyondTrust Jump Client, ManageEngine Desktop Central, and Symantec DLP. The health checks for Forescout Secure Connector have been updated to use different methods to detect compliance depending on the permanent deployment type that is selected in the Application Resilience policy. As a result of these changes, the RAR component can support the Report and Report and Repair options if you are using the EXE installer.
Chromebook support	A new version of the Absolute for Chromebooks extension has been released. The new version contains improvements that increase the accuracy of the geolocation data collected by the extension.
Core agent update	The core agent (rpcnet) has been updated to include performance, stability, and security improvements. Absolute will be rolling out this update in phases over the coming months. The new core agent versions are: Windows: 6000 Mac: 7000 If automatic agent updates are enabled, your devices will automatically begin to upgrade when the new agents are made available for your account. Note that due to the phased approach, it may take several months for all devices to be updated. You can verify that a device's core agent has upgraded by reviewing the Agent field on the device's Device Details page. The new core agents will be added to the agent installers in a future release. Until that time, you can continue to use the existing installers to deploy the agent to new devices. The devices' core agent will automatically upgrade to the new version when it becomes available.
Device Groups	Previously, when submitting a device action request from Device Groups in the Devices area, the request was applied to all devices in your account if you selected the devices as follows: Select a folder that contains one or more device groups, and Select the Select All checkbox in the result grid header. This issue is now fixed, and the request is deployed to the selected devices only.
Endpoint Data Discovery	To improve performance on the Reporting Data report, the following changes have been added: You can now filter by Device, which allows you to filter the report by any of the following device identifiers: Device name Serial number Identifier Username Some filter criteria have been removed. You can now filter the report by Device, File match status, Scan date, and Match score. The Search field has been removed. You can now sort the report by the Scan date, Match score, or File match status columns. The device count has been removed from the footer of the results grid. To improve performance on the Devices with At-Risk Files in Cloud report, the following changes have been added: You can now filter by Device, which allows you to filter the report by any of the following device identifiers: Device name Serial number Identifier Username The Search field has been removed. The device count has been removed from the footer of the results grid.
Freeze	If a device has active Freeze requests or Offline Freeze rules when it's unenrolled (Disabled), a new section, Archived Freeze Status, is now added to the device’s Summary page in Device Details. This section contains the same information that was shown in the Device Freeze Status section before the device was unenrolled. This improvement was introduced to ensure that an unenrolled device’s recent unfreeze codes remain available in the console.
Investigations	Following the release of Secure Endpoint 9.0, you were unable to attach a police report to a theft report because clicking Upload failed to open a dialog for browsing and selecting files. This issue is now fixed.
License Management (version 2)	On the Edit Custom Assignment dialog in License Assignment Settings, you can no longer select the invalid option KEYWORDS in the Limit to these devices field. You can now assign a license to an unlicensed device that is frozen, reported missing, or reported stolen. In the License Management area, if a sales reference number is not available for a product, a link is no longer shown in the Sales Reference Number column of the Products report.
Persistence	For accounts that reside in the US data center (cc.us.absolute.com), if the Secure Endpoint Agent on a Windows device was tampered with, it may have failed to self-heal, in some rare cases. This issue is now fixed.
Wipe	When you submit a Wipe request for multiple devices, and two requests (Cryptographic Wipe and Delete File) are created, the request headers on the Actions page now more clearly describe the distribution of devices between the two requests. For example: