Absolute 7.13 Release Notes

This topic describes the software changes included in Absolute 7.13. It also describes the changes included in all hotfixes since the release of Absolute 7.12.

This release introduces performance, security, data integrity, and usability improvements that enhance the responsiveness, reliability, and ease of use of the system. It also introduces enhancements, improvements, and fixes to existing features and functionality.

To view the software changes introduced in this release that apply to the Absolute agent, see the Absolute agent release notes: Version 7.13.

NOTE  Depending on the Absolute product licenses associated with your account, some of the following software changes may not be available to you.

Features and enhancements

• Scheduling reports (New!)

  If you are granted the Export permission for reports, you can now schedule a report so that it is generated automatically on a daily, weekly, or monthly basis and then emailed to a list of recipients. All scheduled reports are indicated on the Reports page by a icon. You can also create a schedule for the following pages in the Assets area: All Devices, Missing Devices, and Reported Stolen.

  NOTE  In this release, not all reports can be scheduled. For example, you can't schedule Classic reports, or any report that shows the Report Options button instead of the icon.

• Application Persistence enhancements

  Application Persistence policies collect information about the functional status of third party applications installed on your Windows devices. You can now persist the following application versions:

  • McAfee® ePolicy Orchestrator version 5.6.x
  • VMWare Carbon Black Cloud version 3.5.x
• Navigation enhancements

  The navigation bar has been updated. You can now access the Dashboard by clicking either the Absolute logo or the new Dashboard option. The navigation bar also has a new color scheme when selecting or hovering over an option, and the icons present a more consistent appearance.

  

• Dashboard enhancements

  The following enhancements are now available on the Dashboard:

  • If you edit the title of a widget, you can now see the widget's original default name near the top of its Advanced Settings dialog. Also, some of the dialog's field labels have been updated and the Stat section has been removed.
  • In the Encryption Status widget, the Detailed > Trend view is enhanced. You can now click the percentage under Encrypted, Not Encrypted, or Pending to filter the trend line chart.
  • In the License Consumption widget, the value under Expiring no longer includes unused licenses that have already been returned to Absolute.
• Manage Supervisor Password enhancements
  • For devices that are eligible for Manage Supervisor Password requests, a new section now shows on each device's Device Details page. The new Supervisor password section shows the device's Status Indicates whether the firmware's supervisor password on a device has been set remotely in the Absolute console. Possible values are: Not Set, Set Locally (changes require current password), Set Remotely, and Set Remotely (changes require current password). The field applies to select Windows devices only. and Version The version number of the firmware's supervisor password software. This field applies to select Windows devices only..
  • When you submit a Manage Supervisor Password request for multiple devices, you are now unable to proceed if the selected device's Status and Version do not match (all 2.x versions are considered the same version). Therefore, before you select any devices, add the following columns to the report so you can confirm that all devices you select are in the same state:
    • Supervisor Password > Status
    • Supervisor Password > Version (new!)
  • Depending on the version and configuration of your devices' supervisor password, you may now be required to enter a strong password when you submit a Manage Supervisor Password request. Click the icon next to the Password field to view the password requirements.

• Action History enhancements
  • Run Script requests have been added to Action History. View the progress of a Run Script request and the Action status of the Run Script request on individual devices. New Run Script events show in Event History. You can still find events from Run Script requests created prior to this release in the Event History report.
  • You can now cancel a Device Action request on devices that have an Action Status of Pending for Wipe and Run Script actions in Action History. The cancel events are reported in Event History.
  • Permissions for Action History have been simplified. The Action History permission has been removed. If a role has View permission for an action type, that role is automatically granted View and Export permissions for that action type in Action History.
  • Find a specific Device Action request from the list of requests in Action History using the new search feature and Action type filter.
  • Complete Device Action requests now remain in the Completed list for one year.

• Missing and stolen devices enhancements
  • You can now use bulk upload to report a large number of missing devices at one time. The results from using Missing Devices… with bulk upload are provided in a .csv file.
  • The size limit for police reports being uploaded for Stolen devices has been increased to 10 MB.
• Android support

  The Absolute agent for Android is now supported on devices running version 10 of the Android operating system.

  Ensure that you deploy the latest agent version (3301) on your Android 10 devices.

• Single Sign-On (SSO) support

  Absolute's SSO solution now supports SAML requests and responses hashed with SHA-256 and signed with a RSA-SHA256 signing algorithm. Although SHA-1 and RSA-SHA1 are also supported, Absolute highly recommends that you use SHA-256 since it is more cryptographically secure than SHA-1.

Improvements and fixes

Absolute 7.13 introduces the following improvements and fixes:

Feature/Area	Improvements and fixes
Absolute agent	New Toshiba Dynabook devices are now correctly identified, and the devices' Persistence Status is now reported correctly. The correct Persistence status is returned for Windows devices with more than three Wi-Fi adapters. When a BitLocker encrypted Windows device needs to restart in order to activate (or deactivate) persistence of the Absolute agent, the user can now postpone the restart for 8 hours. On the Agent Management, when you click a policy group in the Assigned Policy Groups column to assign a different agent version, you can now scroll to and select the latest version.
Absolute APIs	Absolute APIs now support connections using TLS protocol version 1.2 only.
Application Persistence	In some cases, the status of a persisted application may have failed to upload. This issue is now fixed. Previously, if a health check was performed on the SCCM client immediately after a device was reconnected to a network, the status was falsely reported as Not Compliant. This issue is fixed.
Device Details	In Device Details, you can now search for a new device by entering the device's serial number or Absolute Identifier in the sidebar search field.
Device groups	When you create or edit a device group, you can now use a Custom Field to filter the device list. The tooltip text for a child smart device group's inherited filters is now more easily readable.
EDD rules	On the EDD Rules page, if you inadvertently double-click the sidebar's icon when the rule limit (50) has not yet been reached, you no longer see an error message stating that you can't create any more rules until you delete one.
End User Messaging	Previously, the Devices Acknowledged and Devices Not Acknowledged counts on the End User Messaging page showed "N/A" after you removed devices or device groups from an end user message. This issue is fixed. The columns now show the adjusted device count. Due to a server configuration change, you now need to enable TLS protocol version 1.2 if you want to show End User Messages on devices running Internet Explorer 7, 8, or 10. This option is enabled by default on Windows 10 devices, but not on Window 7 and 8.1 devices. For more information about enabling the TLS 1.2 protocol in Internet Options, see Microsoft documentation.
Event History	On the Events page in the History area: You no longer need to increase the width of the Summary column to view its complete contents. When you select a filter to apply to the page, the following filter criteria are now listed first: Date, Device, Event, and User. The remaining filter criteria are listed in alphabetical order after these 4 items.
Freeze (Absolute 7 version)	Email notifications for Freeze requests now indicate what type of freeze the notification applies to. Previously, the Absolute agent may have erroneously detected that a device was already frozen and stopped processing a Freeze request. This issue is fixed. Previously, when you rotated a frozen Microsoft Surface device, the Freeze message window did not adjust to maintain full-screen display and the user may have had access to some limited functionality. This issue is fixed. Previously, for some Android devices, an event was not logged to the device's Event History page when the device's Freeze Status was updated to Frozen or Freeze Removed. This issue is fixed.
Geolocation	Previously, when Google Maps Wi-Fi Positioning was used to locate a Mac device, the device's location failed to be calculated if the device detected a very large number of Wi-Fi hotspots. This issue is fixed.
Hardware data collection	The Camera > Is Enabled field is now populated for Mac devices. This field is available in Absolute device reports and under Hardware > Camera on a Mac device's Device Details page.
Mac support	The version number of the Agent and Component manager installed on a Mac device are now available in reports and the device's Device Details page. The Absolute agent no longer scans any .sparsebundle folders or .sparseimage files found on a Mac device. Previously, when these files were present, the EDD scan may have taken a long time to complete, or they may have been falsely identified as sensitive data. When a Mac device's files are stored in OneDrive with the Files On-Demand feature enabled, and local copies of the files do not exist, the files are no longer downloaded during an EDD scan for sensitive data. If a user without administrative rights is specified in a Wipe request for Mac devices, the following text now shows in the page's Status > Failure reason column: "The input user does not have administrative rights". When you download and install the Absolute agent for Mac on a device running macOS 10.15, you are no longer presented with a warning message stating that the installer file "can't be opened because it is from an unidentified developer".
Multi-language support	When you view the Weekly Web Usage report in a language other than English, the units of time are now displayed in the correct language.
Remote File Retrieval	On Windows devices, Remote File Retrieval requests that include a large number of file types no longer return an empty file.
Reports	The following fixes are now available in the Device Analytics report: A number of issues have been addressed to ensure that the report always includes the data collected during each device's most recent hardware data collection. Report exports are now completed within a few minutes, as expected. If a policy has never been activated on a device, the Not Installed icon now shows in the policy's Status column instead of "No Data". The following enhancements and fixes are now available in Data Visibility reports: In a report's Scan date column, the time is no longer included with the date. The time is always midnight (12:00 a.m.). You can now use a device's Absolute Identifier to search a report (other than the History report) for the device. Previously, in the Match Score Summary report, the applicable indicator [greater than symbol (>)] failed to show when the most recent scan on a device was stopped due to an excessive number of detected matches. This issue is fixed. The Identifier column is now always the first column in an exported Data Visibility report. Previously, your devices' most recent data may have failed to show in the following reports: Anti-Malware Device Usage Full Disk Encryption Status This was due to an intermittent issue that affected compression of the data before it was uploaded. This issue is now fixed.
Script Library	The Add Firewall Port Rule script has been updated. You can now use the following script variables to customize the script: LocalPort (formerly Port) RemotePort LocalIP RemoteIP EdgeTraversal InterfaceType Security
SIEM Integration (Classic version)	The Classic version of the SIEM Connector has been updated to ensure that it can connect to the server after the latest server upgrade to support TLS v1.2 and TLS v1.3. Therefore, if you are using the Classic version of the SIEM Connector, complete the following steps to install the new SIEM Connector: Uninstall the previous version (1.3) of the SIEM Connector. Go to the Settings > Download Packages page and download and install the latest version (1.4) of the SIEM Connector. For more information about completing these tasks, see the Absolute SIEM Connector Install Guide.
Software reporting (Classic version)	Software information is now collected when Spotlight search isn't available on Mac devices. Software information is collected on devices running macOS 10.15.
Web Usage	The Chrome extension for Windows devices is now named Absolute Analytics in the Chrome Web Store. You can now export the Rising Web Usage report. Previously, if a large number of unique webpages were detected over the past 7 days, the data may have not been available when you clicked a webpage title on the Web Usage report. This issue is now fixed. When multiple web categories are associated with a webpage, the categories are now sorted alphabetically in the Rising Web Usage report. The permissions for the Chrome extension for Mac Devices have been updated from "Read and change your data on localhost" to "Read and change your data on 127.0.0.1".
Wipe	When you submit a Wipe request: The warning message near the top of the Wipe dialog now more accurately describes the data sanitization process. You must now select a check box to acknowledge that the action can't be canceled or undone after the Wipe is deployed to the device. A device is now marked as ineligible for the action if it has an open theft report. A Wipe request's Certificate of Sanitization now shows the correct hard disk serial numbers. A device's network connection is now blocked during the Wipe process. As a result, it is now very unlikely that a user could use a remotely backed up encryption key to access files on a wiped device. When a Wipe request is configured to restart a Windows device after it's wiped, the device is now restarted as expected, even if it is configured to restart on a schedule. For a Mac device, if the user specified in a Wipe request isn't an administrator, the following text now shows in the Status > Failure reason column on the Action History page: "The input user does not have administrative rights".