Secure Endpoint 10.1 release notes

This topic describes the software updates included in Secure Endpoint 10.1. In addition to the specific changes detailed here, each release also includes broader system enhancements designed to strengthen security, optimize performance, and enhance overall stability.

To view the software updates that apply to the Secure Endpoint Agent, see the Secure Endpoint Agent release notes - Version 10.1 hotfixes.

Depending on the Absolute product licenses associated with your account, some of the following features, enhancements, and fixes may not be available to you.

Features and enhancements

To limit the impact of a bad actor, a misconfiguration, or human error, System Administrators can now set a maximum total number of actions that can be submitted per day for an account.

Each supported device action has its own setting, which is set to the following value recommended by Absolute, but this value can be customized:

Device action Daily threshold default value

Delete File

 500

Freeze

 500

Remove Freeze

 100,000
Run Playbook 500
Run Script 20,000

Send Message

 100,000
Unenroll Device 100,000

Wipe

 500

All settings are enabled by default, with the exception of the Remove freeze action.

The daily threshold applies to actions submitted in the console, the Absolute API, or by an Action rule.

After the daily threshold is reached, new requests can't be submitted unless the user's user role is granted the new Account Threshold Configurations permission, and they choose to override the threshold.

Learn more about setting daily thresholds for actions


  • The following enhancements have been added to user-initiated playbooks:
    • A banner now shows in Device Details when a user-initiated playbook has been requested for the device. The device's Playbook passcode can be viewed in the banner.

    • In Action History, you can now track the progress of Run Playbook requests for user-initiated playbooks. The device's Playbook passcode is also shown.

      Status updates are available on the following console pages:

      • Device Details > Actions

      • History > Action Requests

      • History > Actions

    • When a Run Playbook request for a user-initiated playbook has been processed on a device, one of the following events is now logged to Event History:
      • Playbook failed
      • Playbook completed
    • When a new Run Playbook request causes a pending user-initiated playbook to be replaced by a new user-initiated playbook, a Playbook replaced event is now logged to Event History.
  • The following enhancements related to device eligibility have been added:

    • When adding the Playbooks > Status column to a device report, you can now also add a Playbook > Status details column. This column contains additional information to help you troubleshoot devices with a Playbooks status of Not supported or Not enabled. Learn more

      Status details are also shown on a device's Details > Summary page. To view the details in a tooltip, hover over the icon in the Playbooks field.

    • When viewing a policy group in the Policies > Policy Groups area, a icon now shows next to the Playbooks policy when any of the policy group's devices are not eligible to run playbooks. You can click the icon to view a report that includes the Playbooks > Status and Playbook > Status details report columns. Learn more
    • If Secure Endpoint Agent version 10.0.0.2 or lower is assigned to a policy group, you can no longer activate the policy group's Playbooks policy (activation slider is grayed out), because the policy group's devices are not eligible to run playbooks.

    • To help troubleshoot ineligible devices, you can now add the following report columns to any device report:

      • Boot Info >

        • Boot Order Locked
        • Microsoft 3rd Party UEFI CA
        • Secure Boot
      • TPM >
        • Activated
        • Enabled
        • Owned
        • Spec Version

    Learn more about troubleshooting Playbooks ineligibility

  • When submitting a Run Playbook request, a warning banner now shows on the Run playbook dialog if Secure Boot is disabled on one or more devices.
  • If a Run Playbook request is in progress on a device when the device's Playbooks policy is deactivated, a Playbook canceled event is now logged to Event History.
  • When submitting a Run Playbook request for a playbook that contains multiple actions, you can now change the execution order of the actions. Drag and drop actions to change their sequence in the list. Learn more
  • Dual approval limits are now supported for Run Playbook actions.

Installer files uploaded during Application Resilience policy configuration are now automatically scanned for malware at the time of upload and on a weekly basis. If the scan detects a potential threat, administrators are notified and can approve or delete the file. Unaddressed threats are automatically deleted after seven days. This enhancement helps ensure files are safe before they are used in policies or deployed to devices. Learn more

Programmatic token rotation allows you to replace your API tokens before they expire without the need for manual intervention in the Absolute console. When this option is enabled in a token's settings, you can use integration scripts or direct API calls to programmatically manage the token's lifecycle via the Absolute API. Learn more

The following endpoints have been added to the Absolute API to support programmatic token rotation:

  • GET /v3/configurations/tokens/{tokenID}: Retrieve information about a token using its token ID

  • POST /v3/configurations/tokens/{tokenID}/rotate: Retire the current token using its token ID and create a new token to replace the retired token

The following events are now logged to Event History:

  • Playbook replaced
  • Playbook canceled
  • Account-level daily threshold updated
  • Over threshold action request approved
  • Rule-triggered action hit the account threshold
  • Installer file uploaded
  • Installer file approved
  • Installer file deleted
  • Installer file scan succeeded
  • Installer file scan not completed
  • Installer file scan detected threats
  • API token superseded
  • API token disabled
  • API token reactivated

If desired, you can create an Alert rule based on any of these new events.

To support the new features and enhancements introduced in this release, the following permission has been added:

  • Account Threshold Configurations

This permission has been granted to the appropriate default roles. For example, System Administrators are granted Manage capabilities for this permission. To grant this permission to any custom roles you've created, update each role's permissions.

Improvements and fixes

Feature/Area Details
Absolute APIs

  • The following resources have been added:

    • Geofence: The Geofence resource allows you to query the geofences that exist in your account. You can also create and delete geofences.
    • Tokens: The Tokens resource allows you to view or rotate the API token that you use to authenticate calls to the Absolute API.
    • Action Thresholds: The Action Thresholds resource allows you to query and update your account's daily action threshold settings.
  • The following resources were updated to support the new daily action threshold settings:
    • Freeze
    • Reach
    • Wipe
    • Unenroll
    • Messaging
    • File Delete
    • Playbook
AI Assistant

  • Previously, if your question included one or more special characters, an incorrect response or the following error message was returned:

    We were unable to submit your request due to a system problem. Please try again.

    This issue is now fixed.
API management

  • When creating an API token with asymmetric encryption, you can now download a token file containing details such as the token's name, description, and ID. For security reasons, the private key is not included in the file.

  • You can no longer delete an API token in edit mode. To delete a token, hover over the token on the API management page and click the icon.
Applications

  • When the overview pane was displayed to the right of the work area on the Application Summary page, refreshing the page caused the overview pane to close. This issue is now fixed.
Application Resilience

  • Application Resilience policies for BeyondTrust Jump Client now support version 24.3.2.x or higher, including the ability to upload the installer as an MSI file.

  • Specifying the location of application binary files is now optional when configuring Application Resilience policies for Ivanti Endpoint Manager. This change allows for greater flexibility in policy setup; however, if the location is left blank, the Repair feature will be unavailable.

  • Application Resilience policies no longer support the following applications:

    • Dell Advanced Threat Prevention

    • Dell Data Guardian

    • SmartEye

    • Plurilock CloudCodes

    • IMTLazarus Agent

    • Unowhy MDM

    • NetSfere
Chromebook support

  • Version 2.6.6.4 of the Absolute for Chromebooks extension is now available. This version fixes an issue where a Freeze or Send Message request may have failed to be processed on the device, in some rare cases.
Device re-enrollment

  • Previously, when a device was unenrolled, any device action requests that were pending or in progress were immediately canceled on the device, but not on the server. If the device was then re-enrolled, the device action request was unexpectedly reapplied to the device.

    This issue is now fixed for the following device actions:

    • Delete file
    • Perform EDD scan
    • Report missing
    • Run script
    • Send message
    • Wipe

    This improvement only applies to devices unenrolled after the release of Secure Endpoint 10.1.
HIstory > Events

  • When an Unenroll Device request cancels one of the following device actions, an <Action> failed event is now logged with a failure reason of Device is unenrolled:

    • Delete file
    • Perform EDD scan
    • Run script
    • Send message
    • Wipe

  • When a device that has been reported missing is unenrolled, a Missing device unenrolled event is now logged. The device is also removed from the Missing Devices page in the Devices area.
License management

  • In the license summary area, clicking the device count next to the Unlicensed bar may have caused some quick filters to be grayed out. If the user then clicked the Unlicensed quick filter, the wrong filter may have been applied to the results grid. These issues are now fixed.
Mac support

  • macOS 13 has reached end of support by Apple. It is no longer officially supported by the Secure Endpoint Agent.
Playbooks

  • Previously, Set/remove registry keys playbooks failed to remove registry key values of the following types:

    • REG_BINARY

    • REG_MULTI_SZ

    This issue is now fixed.
User Management and permissions

  • The Dashboard Security permission, which is obsolete, has been removed from the Permissions page in the Roles area.
Windows support

  • Windows 10 has reached end of support by Microsoft. It is no longer officially supported by the Secure Endpoint Agent.
Wipe