Absolute 7.20 Release Notes

This topic describes the software changes included in Absolute 7.20. It also describes the changes included in all hotfixes since the release of Absolute 7.19.

This release introduces performance, security, data integrity, and usability improvements that enhance the responsiveness, reliability, and ease of use of the system. It also introduces enhancements, improvements, and fixes to existing features and functionality.

To view the software changes introduced in this release that apply to the Absolute agent, see the Absolute agent release notes: Version 7.20.

NOTE  Depending on the Absolute product licenses associated with your account, some of the following features, enhancements, and fixes may not be available to you.

Features and enhancements

For accounts with Absolute Control or Absolute Resilience, this release introduces a new and improved offering of the End User Messaging feature.

The new Send Message device action lets you send messages to your device users to share important news and announcements or to solicit feedback or other information. Messages can be displayed in a dialog or as a full screen message and you can schedule them for a future date, if desired.

You can enhance your messages with an image and basic text formatting. You can also use Custom Device Fields to insert device information in a message or to store message responses from your device users.

After you submit a new Message request, you can track its progress in Action History.

Learn more

In the Settings > Message area, you can create templates for the messages that you send most often. Message templates are available for selection when a user creates a Send Message request. Users can also save a message as a template while they're creating a new request.

To help you get started, the following message templates are available by default:

  • Device Geofence Alert
  • Windows Patch Reboot Reminder

Learn more

For accounts with an activated Web Usage policy, a new report is now available.

The Web Subscriptions report helps you understand the return on investment of your current website subscriptions. After you've set up the report by adding details about your current website subscriptions, you can compare the usage of a website against the cost of its subscription.

Learn more

The version 3 API offers a simplified authentication mechanism. The new authentication mechanism allows you to leverage open source libraries for signing your API requests. The version 3 API supports authentication using both asymmetric and symmetric encryption. Error responses have been improved and the API documentation has been updated.

Learn more

The API Token Management page has been improved with a number of enhancements, including:

  • expiry dates for API tokens
  • the ability to limit which IP addresses can be used access to the APIs
  • support for authentication using asymmetric keys

Learn more

This release introduces the following enhancements to the Reports area of the console:

The following enhancements are now available:

You can now share your customized reports with other users.

My Reports view shows the reports that you can share. To see the reports that other users have shared with you, go to Shared with me view. All shared reports are indicated by a icon.

You can share a report in the following ways:

  • From My Reports view, click the report's icon.
  • From an open report, click > Share.

You can also share a report while you're scheduling it.

By default, shared reports are read-only and are available to all users in your account; you can't select individual users to share a report with. When you edit a report that you've shared, the report is automatically updated for all other users.

Learn more

You can now create your own custom view of a predefined report A report that is available by default for all customer accounts. You can access your predefined reports in Absolute view of the Reports page. Also see "user-defined report"..

After you update a predefined report's filters, columns, and/or sort order, you can now use the > Save option to save your changes to the predefined report. Your custom view persists until you revert to the report's default settings using the new > Reset to default option. Previously, any changes to a predefined report were retained for the current user session only.

Learn more

These enhancements are also available on the following pages in the Assets > Devices area:

  • All Devices
  • Missing Devices
  • Reported Stolen

Learn more

This release introduces the following enhancements to the History area of the console:

After you submit a Send Message request for one or more devices, you can track its progress in Action History.

Send Message requests that are scheduled for a future date show in a new section on the sidebar called Scheduled. These requests have a status of Pending or Ready.

After you open a Send Message request:

  • You can view more information about the device by clicking anywhere in the device row to open the Device Overview dialog. This dialog shows the device's encryption status, last connected date and time, and the message response, if applicable. Learn more
  • You can resend a message to one or more devices. Learn more

The following events are now logged to Event History:

  • Messages
    • End user message requested
    • End user message completed
    • End user message failed
    • End user message cancellation requested
    • End user message cancellation failed
    • End user message canceled
    • Message template created
    • Message template updated
    • Message template deleted
  • API Tokens
    • API Token created
    • API Token updated
    • API Token deleted
    • API Token expired
  • Session max time exceeded
  • Service provider accessed

Application Persistence policies, which collect information about the functional status of third party applications installed on your Windows devices, now support persistence of the following applications:

All newly added applications support file hosting.

This release introduces the following enhancements to Application Persistence file hosting:

As part of Application Persistence file hosting, you can now delete unused files. Unused files include files that are not being used in any Application Persistence policy, files that are linked to an Application Persistence policy that is configured for Report only, or Report and repair, and files that are linked to an Application Persistence policy that is configured for Report, repair, and reinstall, or Report and reinstall, but is inactive.

Previously, you could only upload Application Persistence files that were 500 MB or smaller. The file size limit has been increased to 700 MB.

You can now upload Application Persistence installers to the Absolute console for the following applications:

  • Dell Encryption
  • FortiClient® VPN
  • Ivanti® Endpoint Manager
  • Symantec Endpoint Protection
  • VMWare Horizon® Client

The following enhancements have been added to the Dashboards area of Absolute Insights for Endpoints:

  • A new dashboard, Device Login - IT Dashboard, is now available. Use it to review device login and unlock events during a specified time range.
  • The Executive Summary dashboard now includes a Unique Device Name Count visualization, which shows the total number of unique Device Names detected in your account.
  • The Anti-Malware and Encryption Status - Risk and Compliance Dashboard now includes a Not Encrypted Devices by Week visualization. This vertical bar chart shows the change in not encrypted devices week over week.
  • The Application Health Status - IT Dashboard now includes a Non-Compliance Week over Week visualization. This vertical bar chart shows the change in non-compliant applications week over week.
  • The Application Usage by Device Name data table on the Application Usage - IT Dashboard has been simplified. It now contains only the Device Name and Sum of App Usage columns.
  • If a dashboard's Documents Matching Current Search table is exceptionally large (up to 25 MB), you can now successfully download the table in CSV format. Note that if the file size exceeds 25 MB, the download may fail. Filter the dashboard before attempting another download.

Device Usage events are now available in the Discover area of the Elastic console. This enhancement introduces the following docSubType to the dur docType: event. Documents of this docSubType contain the following new fields:

  • deviceUsage.eventType
  • deviceUsage.hour
  • eventTimeStampUtc

NOTE  These enhancements were introduced in two Absolute 7.19 hotfixes that were released on March 9, 2022 and April 5, 2022.

A new and improved Connector is now available for download from the ServiceNow Store.

The new Absolute Connector provides ServiceNow users with:

  • real-time access to Absolute asset data for computers with out-of-date or inaccurate data in the CMDB.

  • the ability to submit the following device actions directly from their ServiceNow instance:

    • Freeze

    • Remove Freeze

    • Run Script

    • Unenroll

NOTE  If you are currently using the Absolute ITSM Connector to integrate Absolute with your ServiceNow instance, we recommend that you upgrade to the new Absolute Connector.

Learn more

Features at end-of-life

Classic software reports have been retired. This includes all reports that were previously available under Software Assets on the Classic Reports page.

If you have not yet activated the Installed Applications policy, we recommend that you do so now. You can then open the following pages and reports to view information about the applications installed on your devices:

Improvements and Fixes

Absolute 7.20 introduces the following improvements and fixes:

Feature/Area

 

Absolute agent

  • Previously, after running the Windows core agent installer on a Lenovo Thinkpad T14 Gen 2 device, the device ceased to respond to inputs. This issue is now fixed.
  • Addressed an issue with the Mac core agent installer so the installer doesn't write settings to the device on a failed installation

Anti-Malware

  • The Anti-Malware > Definition report column now shows the correct definition version for McAfee Endpoint Security.

Applications

  • Previously, if a gold image was installed on the device, an incorrect installation date may have been reported for a Window base app (e.g. Calculator, Camera). This issue is now fixed.
  • Advancing and then reverting the system date on a Mac device no longer stops the collection of new and updated application information.
Application Persistence

  • Following the release of a hotfix on March 15, updating an application's policy configuration on the Policies > Persistence tab may have intermittently failed. This issue is now fixed.

  • The following Application Persistence policies have now been updated:

    • Cisco® AMP for Endpoints

      Policies now check for an additional verified signature for the services being monitored for health checks.

    • CrowdStrike Falcon®

      • The Custom ID (CID) field is now optional and has been renamed Additional installation commands. The Bulk maintenance token (if required) field has been renamed Additional uninstallation commands.

      • Policies now correctly shows that they support EXE files, and not MSI files

    • Dell Encryption

      The Application Persistence policies for Dell Encryption no longer contain the Encryption External Media selector. If you would like to install the Encryption External Media version of the Dell Encryption Client, you can include it as a parameter in the Additional installer commands. See Dell Encryption Client documentation for the supported syntax.

    • Microsoft® SCCM

      • You can now configure the specific minimum version of Microsoft SCCM you expect to be running on your devices.

      • The hardware inventory scans and software inventory scans now indicate that they only apply to report and repair.

    • Symantec DLP

      Policies now check for an additional verified signature for the services being monitored for health checks.

    • Trend Micro Apex One™

      Policies now check multiple folders for the services being monitored by health checks.

    • VMware Carbon Black Cloud™

      Previously, Application Persistence policies for VMware Carbon Black Cloud™ checked to see if the Carbon Black Cloud WSC service (RepWSC.exe) was running. Now, policies only check to see if Carbon Black Cloud WSC service (RepWSC.exe) is installed.

    • Zscaler™ Client Connector

      The RAR component now only checks for the existence of the ZSAUpdater (ZSAUpdater.exe) and ZSATunnel (ZSATunnel.exe) services. It no longer checks to see if these services are running.

  • Application Persistence polices no longer show that the file:// protocol is supported.

Assets

  • When you schedule a page in the Assets area, the page is now added to Scheduled view of the Reports page.
  • In the menu, the Save As option is now labeled Save as report to more accurately reflect the end result of the action.

  • Previously, the sidebar in the Assets area may have intermittently failed to load. This issue is now fixed.

Authentication

  • The minimum requirements for user passwords has been updated to allow users to more easily create passphrases.

    Password requirements are as follows:

    • Must be between 8 and 64 characters in length
    • May contain any printable ASCII characters, including spaces and Unicode characters
    • Reuse of the user's last 5 passwords is not permitted
  • A single user session can no longer exceed 12 hours in length. If this limit is reached, the session is terminated and a Session max time exceeded event is logged to Event History. The user must log in again.

Chromebook support

  • When you unenroll a Chromebook through the Google Admin Console, either by deprovisioning the device or by moving it to an unsynced OU, the Events page in the History area now shows the change was initiated by Google Sync.
  • Previously, if the sync between Absolute and a Google account failed, there was no way to update the account information in the Absolute console. The account had to be removed, which also removed the organizational unit configurations. You can now go to Settings > Chromebooks settings and use the new Update Account button to update your Google account information.

Dashboard

  • Previously, if you searched for and viewed one device after another from the Dashboard, a caching issue may have occurred on the Device Details page. This issue is now fixed.

  • The performance of the dashboard has been improved. Widget data now loads more quickly after login.

  • Previously, the device groups field in a widget's Advanced Settings dialog failed to contain a selection list of the account's device groups. This issue is now fixed.

Device Details

  • A status alert banner now shows in the summary area of the Device Details page when a device has a pending Run Script, Delete File, or Wipe request. To cancel a request, click Cancel in its banner.

    For example:

Endpoint Data Discovery (EDD)

  • A warning related to the deprecated Data Delete feature has been removed from a Mac device's EDD Summary page.

  • To improve the performance of EDD scans, a set of directories commonly associated with source code have been excluded from scans with a scan level set to Targeted or Moderate.
Freeze

(Absolute 7 version)

  • You can now include a device's device name or Absolute Identifier in a Freeze message using the Insert variable field.
  • Immediately following the release of ABS 7.19, your first attempt to submit a Freeze request may have led to a Bad Request error, or the Classic Device Freeze workflow may have been invoked, including authorization codes. This issue is now fixed.
  • In some rare cases:
    • A device could be unfrozen when additional digits were entered with the device's unfreeze code. This issue is now fixed.
    • The status of a newly frozen device may have been unexpectedly changed to Freeze Failed. This issue is now fixed and the device remains frozen.

Full-Disk Encryption

In Full-Disk Encryption Status reports and pages:

  • The Installed (Not encrypted) encryption status has been renamed Not encrypted.

  • The following statuses have been added to more accurately reflect the status of BitLocker Drive Encryption on a Windows device:

    • Decryption in progress
    • Suspended

    Note that in the Encryption Status widget on the Dashboard, the Suspended status is counted as Encrypted and the Decryption in progress status is counted as Not encrypted.

  • When BitLocker is the only encryption product installed on a fully decrypted device, BitLocker Drive Encryption is now reported as the detected encryption product.

Geolocation

  • User roles that are not granted View permissions for Geolocation can no longer view device locations by adding Geolocation-related columns to a report.
  • When viewing devices on a map, zooming in past a particular zoom level in Satellite view no longer causes the view to switch to Globe view.
  • The Google Wi-Fi Positioning algorithm has been enhanced to more accurately determine if a device has changed its location.
  • When a user restarts a Windows 10 or 11 device, the device is now immediately scanned for its current location.

  • Previously, some Geolocation features, such as the Map view icon and Unexpected location change rules, were intermittently not available in the console. This issue is now fixed.

  • For some customers that were migrated from Classic Geolocation to ABS 7 Geolocation, a message stating that Geolocation Tracking is not enabled may have showed when a user attempted to open the Classic Device Location History report. This issue is now fixed and the report opens as expected.

History > Events

  • The System information updated > System name event has been renamed System information updated > Device name.
  • The following Application Persistence events no longer return the Status Details in the Summary column:
    • App persistence remediated
    • App persistence remediation failed
    • App persistence device became compliant
    • App persistence device became noncompliant
  • The App persistence reason updated event is no longer created

Insights

  • The Username associated with a Chromebook device is now available in Device Usage related fields in Insights.

  • On the Application Usage - IT Dashboard, the Application Usage by Device Name visualization is now sorted by total minutes in use in descending order. Previously, it was sorted by application name in ascending order.

  • The Device Count & Map visualization now consistently shows device locations on the Alerts -Security, Risk, and Compliance Dashboard.

  • An issue has been resolved in which application usage data sometimes failed to be imported.

  • Previously, some visualizations on the following dashboards were slow to load data:

    • Executive Summary

    • Device Inventory - IT Dashboard

    • This issue is now fixed.

Investigations

  • If your account resides in the US Data Center (cc.us.absolute.com), the Investigation Report link provided in email notifications contained the URL for another data center. This issue is now fixed.

Language support

  • When you view the Absolute console in a language other than English, the title of the Upcoming Offline Device Freeze report now shows in the correct language.

Reports

 
  • A small progress notification dialog is now shown when you export any ABS 7 report. Previously, some reports used the Notifications indicator () to show the progress of the export.

  • You can now access the classic Activation Report by clicking the new Firmware Activation link in All Reports view of the Reports page, or from the Device report category.

  • Clicking a report's Refresh this page icon no longer removes all newly added report columns.

  • Previously, the Upcoming Offline Device Freeze report may have failed to show all devices with an outstanding Offline Freeze rule, or update the date shown in the Expected freeze date column for some devices. These issues are now fixed.

  • Number fields exported in reports are now properly recognized as number format and can be used in Excel in formulas and for sorting.

Rules

  • Duplicate rule names are now supported.

User Management and permissions

  • You can now export a report that contains information about each user in your account.
  • When suspending a user account, you can no longer select the current date in the Temporarily suspend until field.
  • On the Invite User dialog, the default setting for the Default User Session Timeout field is now set to 20 minutes instead of 60 minutes.