Absolute 7.13 Release Notes

This topic describes the software changes included in Absolute 7.13. It also describes the changes included in all hotfixes since the release of Absolute 7.12.

This release introduces performance, security, data integrity, and usability improvements that enhance the responsiveness, reliability, and ease of use of the system. It also introduces enhancements, improvements, and fixes to existing features and functionality.

To view the software changes introduced in this release that apply to the Absolute agent, see the Absolute agent release notes: Version 7.13.

NOTE   Depending on the Absolute product licenses associated with your account, some of the following software changes may not be available to you.

Features and enhancements

  • Scheduling reports (New!)
  • If you are granted the Export permission for reports, you can now schedule a report so that it is generated automatically on a daily, weekly, or monthly basis and then emailed to a list of recipients. All scheduled reports are indicated on the Reports page by a icon. You can also create a schedule for the following pages in the Assets area: All Devices, Missing Devices, and Reported Stolen.

    NOTE   In this release, not all reports can be scheduled. For example, you can't schedule Classic reports, or any report that shows the Report Options button instead of the icon.

  • Application Persistence enhancements

    Application Persistence policies collect information about the functional status of third party applications installed on your Windows devices. You can now persist the following application versions:

    • McAfee® ePolicy Orchestrator version 5.6.x
    • VMWare Carbon Black Cloud version 3.5.x
  • Navigation enhancements
  • The navigation bar has been updated. You can now access the Dashboard by clicking either the Absolute logo or the new Dashboard option. The navigation bar also has a new color scheme when selecting or hovering over an option, and the icons present a more consistent appearance.

  • Dashboard enhancements
  • The following enhancements are now available on the Dashboard:

    • If you edit the title of a widget, you can now see the widget's original default name near the top of its Advanced Settings dialog. Also, some of the dialog's field labels have been updated and the Stat section has been removed.
    • In the Encryption Status widget, the Detailed > Trend view is enhanced. You can now click the percentage under Encrypted, Not Encrypted, or Pending to filter the trend line chart.
    • In the License Consumption widget, the value under Expiring no longer includes unused licenses that have already been returned to Absolute.

  • Manage Supervisor Password enhancements

    • When you submit a Manage Supervisor Password request for multiple devices, you are now unable to proceed if the selected device's Status and Version do not match (all 2.x versions are considered the same version). Therefore, before you select any devices, add the following columns to the report so you can confirm that all devices you select are in the same state:
      • Supervisor Password > Status
      • Supervisor Password > Version (new!)
    • Depending on the version and configuration of your devices' supervisor password, you may now be required to enter a strong password when you submit a Manage Supervisor Password request. Click the icon next to the Password field to view the password requirements.

  • Action History enhancements

    • Run Script requests have been added to Actions History. View the progress of a Run Script request and the Action status of the Run Script request on individual devices. New Run Script events show in Events History. You can still find events from Run Script requests created prior to this release in the Event History report.
    • You can now cancel a Device Action request on devices that have an Action Status of Pending for Wipe and Run Script actions in Actions History. The cancel events are reported in Events History.
    • Permissions for Actions History have been simplified. The Actions History permission has been removed. If a role has View permission for an action type, that role automatically granted View and Export permissions for that action type in Actions History.
    • Find a specific Device Action request from the list of requests in Actions History using the new search feature and Action type filter.
    • Complete Device Action requests now remain in the Completed list for one year.

  • Missing and stolen devices enhancements

    • You can now use bulk upload to report a large number of missing devices at one time. The results from using Missing Devices… with bulk upload are provided in a .csv file.
    • The size limit for police reports being uploaded for Stolen devices has been increased to 10 MB.

  • Android support
  • The Absolute agent for Android is now supported on devices running version 10 of the Android operating system.

    Ensure that you install the latest agent version (3301) on your Android 10 devices. To download version 3301 of the agent, go to the Settings > Download Packages page. For more information about installing the Absolute agent for Android, see the Administrator's Guide for Absolute Agent.

  • Single Sign-On (SSO) support
  • Absolute's SSO solution now supports SAML requests and responses hashed with SHA-256 and signed with a RSA-SHA256 signing algorithm. Although SHA-1 and RSA-SHA1 are also supported, Absolute highly recommends that you use SHA-256 since it is more cryptographically secure than SHA-1.

Improvements and fixes

Absolute 7.13 introduces the following improvements and fixes:

Feature/Area

Improvements and fixes

Absolute agent
  • New Toshiba Dynabook devices are now correctly identified, and the devices' Persistence Status is now reported correctly.
  • The correct Persistence status is returned for Windows devices with more than three wi-fi adapters.
  • When a BitLocker encrypted Windows device needs to restart in order to activate (or deactivate) persistence of the Absolute agent, the user can now postpone the restart for 8 hours.

Absolute APIs

  • Absolute APIs now support connections using TLS protocol version 1.2 only.
Application Persistence
  • In some cases, the status of a persisted application may have failed to upload. This issue is now fixed.
  • Previously, if a health check was performed on the SCCM client immediately after a device was reconnected to a network, the status was falsely reported as Not Compliant. This issue is fixed.

Device groups

  • When you create or edit a device group, you can now use a Custom Field to filter the device list.

EDD rules

  • On the EDD Rules page, if you inadvertently double-click Add Rule when the rule limit (50) has not yet been reached, you no longer see an error message stating that you can't create any more rules until you delete one.

End User Messaging

  • Previously, the Devices Acknowledged and Devices Not Acknowledged counts on the End User Messaging page showed "N/A" after you removed devices or device groups from an end user message. This issue is fixed. The columns now show the adjusted device count.
  • Due to a server configuration change, you now need to enable TLS protocol version 1.2 if you want to show End User Messages on devices running Internet Explorer 7, 8, or 10. This option is enabled by default on Windows 10 devices, but not on Window 7 and 8.1 devices. For more information about enabling the TLS 1.2 protocol in Internet Options, see Microsoft documentation.

Event History

  • On the Events page in the History area:
    • You no longer need to increase the width of the Summary column to view its complete contents.
    • When you select a filter to apply to the page, the following filter criteria are now listed first: Date, Device, Event, and User. The remaining filter criteria are listed in alphabetical order after these 4 items.
Freeze

(Absolute 7 version)

  • Email notifications for Freeze requests now indicate what type of freeze the notification applies to.
  • Previously, the Absolute agent may have erroneously detected that a device was already frozen and stopped processing a Freeze request. This issue is fixed.
  • Previously, when you rotated a frozen Microsoft Surface device, the Freeze message window did not adjust to maintain full-screen display and the user may have had access to some limited functionality. This issue is fixed.
  • Previously, for some Android devices, an event was not logged to the device's Event History page when the device's Freeze Status was updated to Frozen or Freeze Removed. This issue is fixed.
Geolocation
  • Previously, when Google Maps Wi-Fi Positioning was used to locate a Mac device, the device's location failed to be calculated if the device detected a very large number of wi-fi hotspots. This issue is fixed.

Hardware data collection

  • The Camera > Is Enabled field is now populated for Mac devices. This field is available in Absolute device reports and under Hardware > Camera on a Mac device's Device Details page.

Mac support

  • The version number of the Agent and Component manager installed on a Mac device are now available in reports and the device's Device Details page.
  • The Absolute agent no longer scans any .sparsebundle folders or .sparseimage files found on a Mac device. Previously, when these files were present, the EDD scan may have taken a long time to complete, or they may have been falsely identified as sensitive data.
  • When a Mac device's files are stored in OneDrive with the Files On-Demand feature enabled, and local copies of the files do not exist, the files are no longer downloaded during an EDD scan for sensitive data.
  • If a user without administrative rights is specified in a Wipe request for Mac devices, the following text now shows in the page's Status > Failure reason column: "The input user does not have administrative rights".
  • When you download and install the Absolute agent for Mac on a device running macOS 10.15, you are no longer presented with a warning message stating that the installer file "can't be opened because it is from an unidentified developer".

Multi-language support

  • When you view the Weekly Web Usage report in a language other than English, the units of time are now displayed in the correct language.
Remote File Retrieval
  • On Windows devices, Remote File Retrieval requests that include a large number of file types no longer return an empty file.

Reports

 

  • The following fixes are now available in the Device Analytics report:
    • A number of issues have been addressed to ensure that the report always includes the data collected during each device's most recent hardware data collection.
    • Report exports are now completed within a few minutes, as expected.
  • If a policy has never been activated on a device, the Not Installed icon now shows in the policy's Status column instead of "No Data".
  • The following enhancements and fixes are now available in Data Visibility reports:
    • In a report's Scan date column, the time is no longer included with the date. The time is always midnight (12:00 a.m.).
    • You can now use a device's Absolute Identifier to search a report (other than the History report) for the device.
    • Previously, in the Match Score Summary report, the applicable indicator [greater than symbol (>)] failed to show when the most recent scan on a device was stopped due to an excessive number of detected matches. This issue is fixed.
    • The Identifier column is now always the first column in an exported Data Visibility report.
  • Previously, your devices' most recent data may have failed to show in the following reports:
    • Anti-Malware
    • Device Usage
    • Full Disk Encryption Status
  • This was due to an intermittent issue that affected compression of the data before it was uploaded. This issue is now fixed.

Script Library

  • The Add Firewall Port Rule script has been updated. You can now use the following script variables to customize the script:
    • LocalPort (formerly Port)
    • RemotePort
    • LocalIP
    • RemoteIP
    • EdgeTraversal
    • InterfaceType
    • Security

SIEM Integration (Classic version)

  • The Classic version of the SIEM Connector has been updated to ensure that it can connect to the server after the latest server upgrade to support TLS v1.2 and TLS v1.3.
  • Therefore, if you are using the Classic version of the SIEM Connector, complete the following steps to install the new SIEM Connector:
    1. Uninstall the previous version (1.3) of the SIEM Connector.
    2. Go to the Settings > Download Packages page and download and install the latest version (1.4) of the SIEM Connector.

    For more information about completing these tasks, see the Absolute SIEM Connector Install Guide.

Software reporting
(Classic version)
  • Software information is now collected when Spotlight search isn't available on Mac devices.
  • Software information is collected on devices running macOS 10.15.

Web Usage

  • The Chrome extension for Windows devices is now named Absolute Analytics in the Chrome Web Store.
  • You can now export the Rising Web Usage report.
  • Previously, if a large number of unique webpages were detected over the past 7 days, the data may have not been available when you clicked a webpage title on the Web Usage report. This issue is now fixed.
  • When multiple web categories are associated with a webpage, the categories are now sorted alphabetically in the Rising Web Usage report.
  • The permissions for the Chrome extension for Mac Devices have been updated from "Read and change your data on localhost" to "Read and change your data on 127.0.0.1".

Wipe

  • When you submit a Wipe request:
    • The warning message near the top of the Wipe dialog now more accurately describes the data sanitization process.
    • You must now select a check box to acknowledge that the action can't be canceled or undone after the Wipe is deployed to the device.
    • A device is now marked as ineligible for the action if it has an open theft report.
  • A Wipe request's Certificate of Sanitization now shows the correct hard disk serial numbers.
  • A device's network connection is now blocked during the Wipe process. As a result, it is now very unlikely that a user could use a remotely backed up encryption key to access files on a wiped device.
  • When a Wipe request is configured to restart a Windows device after it's wiped, the device is now restarted as expected, even if it is configured to restart on a schedule.
  • For a Mac device, if the user specified in a Wipe request isn't an administrator, the following text now shows in the Status > Failure reason column on the Action History page: "The input user does not have administrative rights".



©2017-2020 Absolute Software Corporation. All rights reserved.