Absolute 7.19 Release Notes

This topic describes the software changes included in Absolute 7.19. It also describes the changes included in all hotfixes since the release of Absolute 7.18.

This release introduces performance, security, data integrity, and usability improvements that enhance the responsiveness, reliability, and ease of use of the system. It also introduces enhancements, improvements, and fixes to existing features and functionality.

To view the software changes introduced in this release that apply to the Absolute agent, see the Absolute agent release notes: Version 7.19.

NOTE  Depending on the Absolute product licenses associated with your account, some of the following software changes may not be available to you.

Features and enhancements

You can now view a predefined report that shows all Windows and Mac devices with an active Offline Freeze rule.

The Upcoming Offline Device Freeze report includes an Expected freeze date column that uses each device's Last connected The date and time when a device's Absolute agent last checked in to the Absolute Monitoring Center. date to calculate the date when the device will be frozen if it doesn't check in before its offline timer After an Offline Freeze rule is activated on a device, the offline timer starts counting down on the device. With each successful agent check-in the timer resets. If a device does not check in before the timer expires, the device is frozen. The length of the timer in days is specified in the rule configuration. expires.

This new report is available in the Security category in the Reports area.

Learn more

With a Resilience license, you can download the Absolute DataExplorer Builder tool. Use DataExplorer Builder to create your own data points that you can upload to the Custom Data policy. DataExplorer Builder is an advanced feature, and some familiarity with the Windows operating system, programming logic, and scripting is recommended.

Learn more

Absolute Insights for Endpoints (Insights) uses the power of Elasticsearch and Kibana to help you analyze your Absolute data using customizable dashboards and visualizations.

By default, Insights includes 14 dashboards that include graphs, charts, and data tables to help you track the device data that you're most interested in. You can also build your own dashboards using the 300+ Absolute data fields that are available to you.

Absolute Insights is available as an add-on to all Absolute product licenses. After an Absolute Insights add-on license is assigned to your account and you've configured Insights, you can access the Insights console using the new icon on the navigation bar.

Learn more

NOTE  For information about purchasing an Absolute Insights add-on license, contact Absolute Sales.

The following agent-related enhancements are now available:

  • A new section, Core Agent, is now available on the Agent Management page in the Settings area.

    The Core Agent section contains new installer packages for your Windows and Mac devices. Use this section if you want to download and install Absolute's core agent only. Additional agent components will be downloaded to your devices as you enable features in the Absolute console.

    Note that the core agent installer is available as an alternative to the full agent installer, which is also available on the Agent Management page. Learn more about these installers

    NOTE  The core agent installers do not include a tool for triggering agent calls. To trigger a call from a new Windows device, download and run the Persistence Status Monitor. To trigger a call from a new Mac device, download and run the Agent Management Tool (DDSINFO).

  • In preparation for the future deprecation of the Download Packages page:
    • the Download Packages link has been removed from the Settings sidebar. To access the page, navigate to the Agent Management page in the Settings area and click Go to the Classic Download Package Page near the bottom of the page.
    • the Absolute for Chromebooks section has been moved from the Download Packages page to the Agent Management page in the Settings area.
  • The Agent Management Tool (DDSINFO) for Mac is now available for download from the Utilities page.

You can now upload Application Persistence installers to the Absolute console for the following applications:

  • Citrix Workspace™ version 20.x or higher
  • McAfee ePO version 5.5.x
  • NetMotion Mobility
  • Tenable Nessus Agent
  • Trend Micro Apex One
  • WinMagic SecureDoc version 8.x
  • Zscaler

Learn more

Application Persistence policies, which collect information about the functional status of third party applications installed on your Windows devices, now support persistence of the following applications:

You can now persist the following application versions:

  • SmartDeploy® Client version 3.x or higher
  • Tanium™ version 7.4.x or higher
  • VMware Carbon Black Cloud version 3.7.x or higher

All newly added applications and versions except Microsoft Defender Antivirus support installer hosting.

The Reports page has been redesigned and now has a more modern and user-friendly interface.

NOTE  This enhancement was released on December 14, 2021 in an Absolute 7.18 hotfix.

Highlights

  • The Reports page includes a new sidebar that contains links to:
    • four filtered views of your reports: All Reports, Custom, Scheduled, and Favorites
    • five report categories: Device, Application, Security, Data Visibility, and Events
  • You can access your custom reports in Custom view, or in the report category of the original predefined report.
  • You can now favorite up to 30 reports.
  • Management of your reports is also improved. You can now perform the following actions on a report without opening it:
    • Edit Title & Description
    • Save As
    • Export
    • Schedule
    • Add to Favorites

This release introduces the following enhancements to Event History:

  • The data retention period for most event types has increased from 30 days to 90 days or 365 days. Learn more

Features at or nearing end-of-life

Absolute has deprecated the following features:

Feature

Details

Data Delete

The Data Delete feature is no longer available. That is, you can no longer submit new Data Delete requests or create Deletion Policies. However, you can still work with any Data Delete requests that are in progress, and view all completed requests. For more information about working with existing Data Delete requests, see the Absolute User Guide.

To delete files and folders from your devices, submit a File Delete or Wipe request.

Android support

Absolute has ended support for the Absolute agent for Android.

If you are using the Android agent on your devices, it will continue to call in to the Absolute Monitoring Center with updated data. However, no new versions of the agent will be released, including updates for bug fixes.

The Absolute agent currently supports devices running Android versions 4.4.2 to 9.0.

NOTE  You can download the current version of the Absolute agent for Android from the Download Packages page.

Classic Absolute SIEM Connector

The Classic Absolute SIEM Connector is no longer available for download. If you want to start sending logged events from the Absolute console to a SIEM application, download and configure the Absolute 7 SIEM Connector.

NOTE  All Classic SIEM integrations configured prior to February 2022 will continue to be supported and to function as expected.

All Classic software reports will be retired in early Q2 2022. This includes all reports that are currently available under Software Assets on the Classic Reports page.

If you are currently using these reports, we recommend that you enable enhanced software data collection by activating the Installed Applications policy. You can then open the following pages and reports to view enhanced information about the applications installed on your devices:

Improvements and Fixes

Absolute 7.19 introduces the following improvements and fixes:

Applications
  • You can now export the Assets > Applications page to a report in CSV, Excel, or XML format. Note that application version numbers are not included in the exported report.
  • Previously, on a device's Applications page in Device Details, an application's Installed column may have showed an incorrect date and time, in some cases. This issue is now fixed.
Application Persistence
Authentication
  • User accounts are now locked after five unsuccessful login attempts instead of three.
  • When an administrator is disabling Two Factor Authentication, the user session is now terminated if an incorrect verification code is entered five consecutive times.
Chromebook support
  • Previously, when a Chromebook device lost connectivity for more than 15 minutes, any pending data wasn't uploaded when network connectivity was restored. This issue is now fixed.
  • Previously, in some cases, not all the hardware information for Chromebook devices appeared in the Absolute console when the device's organization unit was synced to the console. This issue is now fixed.
  • Previously, Chromebook devices with bridged network interfaces were not correctly reporting their local IP address. This issue is now fixed.
Custom Data Collection
  • You can now enable the Custom Data policy from the Policies > Policy Groups page.
  • Users no longer require the Custom Data Collection View permission to see collected Custom Data policy data points in the Assets report and in the device's Device Details page. The Custom Data Collection Manage permission is still required to see the Policies > Custom Data area.
Dashboard
  • Previously, navigating away from the dashboard and back again may have unexpectedly updated the layout of the dashboard's widgets. This issue is now fixed.
Device Freeze API
  • Following the release of ABS 7.18, the Device Freeze API returned an error when a POST /v2/device-freeze/requests request was sent with the passcode.Definition.option parameter set to UserDefined. This issue is now fixed.
Device Groups
  • Previously, when you created a new Classic device group, the new device group wasn't available in the Device group filter drop-down until you refreshed the report. Now, the device group shows in the report's Device group filter drop-down immediately after creating it.
  • You can now use the following filters to create a smart device group:
    • Device location
      • City
      • Country
      • State/Province
    • Geolocation technology
      • Accuracy (meters)
      • Type
    • Geolocation tracking
      • Last data received
      • Policy updated
      • Status
Device Usage
  • You can now export a device's usage events in CSV, Excel, or XML format. Navigate to the device's Device Details area, click the Usage tab, and click Export.... In the exported report, the times in the Timestamp column now show AM or PM. Learn more

EUSA

  • The End User Service Agreement (EUSA) has been updated to add Appendix C: Missing Device Reclamation that describes the terms and definitions pertaining to a new optional service available to Absolute customers. Depending on your account configuration, you may be required to review and accept version 5.4.1 of the EUSA the next time you log in to the Absolute console.
Freeze

(Absolute 7 version)

  • The Unfreeze code history dialog, which you can open from a device's Details > Summary page, now includes a Requested by column.
Geolocation
  • From a device's Location History tab, you can now export up to 365 days of the device's past location changes and view them in a report. Learn more
  • For devices that connect to the Internet using an ethernet cable and have never connected using Wi-Fi, device location data is now available in the Absolute console using OS Location API.

  • Previously, in some rare cases, an incorrect street address may have showed on a device's Location History page when the location marker on the map was correct. This issue is now fixed.

  • Geolocation using Google Wi-Fi-Positioning now uses a new algorithm to more accurately determine if a device has changed its location.

History > Events

  • When an unfreeze code is used to unfreeze a device, a Device Freeze removed event is now logged to Event History. Passcode shows in the Summary column.
  • When a Remove Freeze request is submitted for a device that was frozen by an Offline Freeze rule, a Remove freeze requested event is now logged to Event History.
  • For Mac devices, a change to the device's mount point no longer triggers a Volume updated event.
Investigations
  • When submitting a new theft report, a warning message now shows if the device has a pending Wipe or File Delete request.
Manage Supervisor Password

  • When submitting a Manage Supervisor Password request, the Device Eligibility for Manage Supervisor Password dialog no longer shows when all selected devices are eligible for the action.
Policy Groups
  • You can now configure and activate a policy group's Endpoint Data Discovery policy before any devices are added to the policy group.
Reach scripts
  • Previously, when you ran the Enables or Disables USB Removable Media Reach script, the script only worked for USB storage devices that already had a driver installed. The script has been updated to enable or disable access for new USB storage devices.

    If a USB storage device is plugged in while the script runs, the end user can access the device while it remains plugged in or until the computer is restarted.

    If the script is used to disable USB Removable Media, Windows doesn't show information for plugged in USB storage devices in Explorer or in Disk Management.

  • Previously, the Add Local User Reach script failed to add new users on Windows 10 devices. Groupname has been added as a required variable and users can be added successfully.
Report filters

  • Previously, the is filter condition wasn't working on the Reporting Data report. This issue is now fixed.
Reports
  • The default columns for the All Devices page in the Assets > Devices area have been updated.
    • The following columns have been added to the initial view:
      • Local IP address
      • Public IP address
      • Encryption > Status
      • Chromebook > Annotated asset ID
    • The following columns have been removed from the initial view:
      • Hardware > Status
      • Software > Status
      • Data Discovery > Status

      • Note that these removed columns are still default columns in the Devices with Active Policies report.

  • In Endpoint Data Discovery reports, the Username column now shows the username of the last logged in user. Previously, it showed No Data if no user was logged in during the most recent agent connection.
  • After saving the predefined Event History report as a custom report, the styling and format of the new report was temporarily inconsistent with the predefined report (closing and reopening the report corrected its appearance). This issue is now fixed.
  • Previously, when you exported a report, number fields were exported in text format. Number fields are now exported in number format and they can be used for formulas and for sorting in Excel.
  • When you're scheduling a report, four new file compression options are now available in the File format field:
    • Compressed CSV (.csv) with column names
    • Compressed CSV (.csv) without column names
    • Compressed Excel (.xlsx)
    • Compressed XML (.xml)

    If a report is exceptionally large (> 20 MB), and your organization supports compressed email attachments, we recommend that you select one of these options to package the report in a ZIP file.

  • You can no longer directly add the following console pages to your Favorites in the Reports area:
    • Assets > Devices > All Devices
    • Assets > Devices > Missing Devices
    • Assets > Devices > Reported Stolen
    • History > Events

    To add these pages to your Favorites, save them as a custom report and then favorite the custom report.

  • For accounts with the Lenovo Patch Stand Alone license, the following Classic reports, which are not supported with this license, are no longer listed under Events on the Reports page:

    • Delete & Freeze Events

    • Location History

Rules

  • A new option is now available when you're creating an Unexpected location change rule:
    Do not trigger rule when device moves between any above locations

    Select this option if you don't want to receive an email when a device moves from one specified location to another. Note that this option does not apply to moves between geofences or between a geofence and a location. Learn more

  • When an email notification is sent more than 48 hours after a device level event occurs, the following note is now included in the email:

    Note: This alert was generated for a change that occurred more than 48 hrs in the past. In some cases, Absolute is able to capture changes from devices that are 'offline', the changes are reported to the Absolute Monitoring Center on the next connection.

Search
  • To improve performance, the following changes have been made to search:
    • Search results in Assets > Devices, Assets > Applications, History > Actions, and most reports are no longer updated dynamically as you type. In the search field, type all of part of your search keyword and click Search or press Enter. Your search keyword must contain at least two characters.
    • You now need to select the fields that you want to search on all device-based reports. You can select any string column that is visible on the report as a search field. The Device name field, which allows you to search on both device name and serial number, is selected by default.
    • For reports that had All in the search drop-down, All has been removed. You must now select a specific field.
    • When searching for a Reach Script when creating a Run Script request, the All, Absolute, and Custom drop-downs were removed as part of an earlier hotfix. As part of this release, you can now filter Reach Scripts using the All, Absolute, and Custom buttons.
Unenroll Device

  • The Unenroll Device feature has been enhanced to allow for the detection and correction of unintentional or accidental Unenroll Device requests. After you submit a request, the device's status is still immediately set to Disabled and its license is released, but the Absolute agent is no longer removed on the next agent connection. The Absolute server now waits 72 hours after the request is submitted to remove the agent.
Wipe
  • Previously, if a Delete All Files Wipe was processed on a frozen device, and then the device was unfrozen, a user could successfully log in to the device. This issue is now fixed. In this scenario, the login attempt now fails with a user profile not found error.