Absolute 7.21 Release Notes

This topic describes the software changes included in Absolute 7.21. It also describes the changes included in all hotfixes since the release of Absolute 7.20.

This release introduces performance, security, data integrity, and usability improvements that enhance the responsiveness, reliability, and ease of use of the system. It also introduces enhancements, improvements, and fixes to existing features and functionality.

To view the software changes introduced in this release that apply to the Absolute agent, see the Absolute agent release notes: Version 7.21.

NOTE  Depending on the Absolute product licenses associated with your account, some of the following features, enhancements, and fixes may not be available to you.

Features and enhancements

Features at or nearing end-of-life

Improvements and Fixes

Absolute 7.21 introduces the following improvements and fixes:


Improvements and fixes

Application Persistence

  • The scan frequency for some applications has been increased from every six hours to every 15 minutes.

  • In some cases, when the installer failed to download for some applications, the status details would incorrectly show that a restart was required to complete the reinstallation. This issue is now fixed.

  • The following Application Persistence policies have now been updated:

    • CrowdStrike Falcon®

      If a device has multiple versions of CrowdStrike Falcon installed, Application Persistence reports now show information on the most recently installed version of the application

    • FortiClient® VPN

      Policies for FortiClient VPN now check for both Fortinet Technologies (Canada) Inc. and Fortinet Technologies (Canada) ULC as signers for the services being monitored for health checks

    • Kaseya Agent

      Policies for Kaseya Agent now check for both Kaseya Corporation and KASEYA HOLDINGS INC. as signers for the services being monitored for health checks

    • ManageEngine Desktop Central

      Policies for ManageEngine Desktop Central now support versions of endpoint agent that are named Manage Engine Desktop Central - Agent, Manage Engine Central - Agent, or ManageEngine Endpoint Central.

    • McAfee® ePolicy Orchestrator

      Policies for McAfee ePolicy Orchestrator have been renamed to Trellix ePolicy Orchestrator® and support both McAfee ePolicy Orchestrator or Trellix ePolicy Orchestrator as the application name for versions 5.6.x or higher.

    • Microsoft Defender Antivirus

      If Policies for Microsoft Defender Antivirus had Cloud-delivered protection, Automatic sample submission, Tamper protection (report only), or Potentially unwanted applications (PUA) protection selected in the Application Persistence policy configuration, but they were not enabled in Windows Security, the Status details for the device showed status: Non-compliant, reason: The command task is not executed(expect to execute). This has been changed so the Status details now show the script return code that was expected and the code that was returned, as well as a scriptErrorMessage that indicates the configuration that didn't match. For example, if Tamper protection (report only) is selected in the Application Persistence policy, but it is not enabled in Windows security, the Status details now shows status: Non-compliant, reason: returnValue(expected/actual):1/2 and scriptErrorMessage: Tamper protection: disabled.

    • Microsoft SCCM

      • In some cases when you configured an Application Persistence policy for Microsoft SCCM that included a configuration file, the policy wasn't able to repair or reinstall Microsoft SCCM. This issue is now fixed.
      • Policies now allow you to enter the location of the folder that contains ccmrepair.exe for cases where the location has been changed from the default
    • Symantec Endpoint Protection

      Policies for Symantec Endpoint Protection now support multiple signers for version 14.2.x or higher. Some files used in the health checks for Symantec Endpoint Protection are now signed by Broadcom Inc. If Symantec Endpoint Protection is reporting Not Compliant because the signer is incorrect, you can now configure the signers in the policy. See more

    • Zscaler Client Connector

      Policies now only check to see if the ZSATrayManager (ZSATrayManager.exe) service is installed, and no longer check if the service is running


  • When exporting the All Devices page, the report name now shows as All Devices, not Active Devices.

Chromebook support

  • The Chromebook Settings now displays more detailed error reporting when there is an error syncing with the Google Admin console.
  • When you clear the selection beside an OU on the Chromebook Settings page, a warning now appears to let you know that the devices in the OUs will be unenrolled from the Absolute console if you continue.


  • When opening a report from a widget, the Save and Reset to default options are no longer available in the menu. To save the filtered view of the report, use the Save As option.

Device Details

  • To remove ambiguity, the banner text has been updated in all Pending status alert banners. For example, the text "Pending Freeze request on <date and time>" is now "Freeze requested <date and time>".
  • All device action buttons are now grayed out when a device is Disabled or Reported Stolen. Device actions are not supported on unenrolled or stolen devices.
  • If a Report Found button shows in a missing device status alert banner, the Report Found action no longer shows in the device action menu.
  • If a Cancel button shows in the status alert banner for a pending script, the Cancel All Scripts action no longer shows in the device action menu.

Device Usage

  • You can now export up to 30 days of device usage information for multiple devices. The new Export usage... action is available in the menu of the following console pages:
    • Device Usage report
    • Assets > All Devices page
    • Assets > Missing Devices page

    Learn more

Email services

  • In some cases, users received multiple email notifications when a single location change occurred on a device. This issue is now fixed.

Full-Disk Encryption

  • A new encryption status has been added to all pages, reports and widgets that show a device's encryption status. The Used Space Encrypted status is now shown for a Windows device when all disk space that contains data is encrypted by BitLocker Drive Encryption, but free space is not encrypted.

    NOTE  This status indicates that the Used Disk Space Only encryption option is enabled in BitLocker. For more information about this option, see Microsoft BitLocker Drive Encryption documentation.

  • When Dell Encryption is enabled on a device with a TCG self-encrypting drive, Dell Encryption is now reported as the detected encryption product.
  • When Dell Encryption is installed but not enabled on a device with a TCG self-encrypting drive, scan results are now uploaded as expected.


  • While working in map view (), you can now click in the page footer to refresh the map and show your device's most recently reported location.

Hardware data collection

  • For the M2 chip models of MacBook Air and MacBook Pro, the device's Model is now reported correctly.

History > Actions

  • A Certificate of Sanitization is now generated for completed Delete All Files wipe requests. You can view and download the certificate from Action History. Learn more


  • Usernames are now displayed in the correct letter case in the Application Usage dashboard.
  • The following changes were made to the Application Health Status - IT Dashboard:

    • Removed the following visualizations:

      • Persistence Event Count

      • Report and Repair Heatmap (also removed from the Executive Summary Dashboard)

    • Added the following visualizations:

      • Device Count & Map: coordinate map showing the device count by geographical location

      • Top Devices with Repair Status (New!): shows the 50 devices with the most repairs, broken down by repair status

    • Changed the Application Repair/Reinstall Status visualization to a time series that shows the change in status, week over week

    • The Non-Compliance Week over Week visualization now shows application and device count breakdowns across both Compliant apps and Non-compliant apps.


  • You can now include a link to a webpage in a message.
  • You can now successful schedule a message for a later time on the current date.
  • On a Chromebook, you no longer need to scroll to the bottom of a long message to snooze a message or submit a response.
  • In some cases, a new message was not displayed on a Chromebook until the user logged out and logged back in. This issue is now fixed.



  • You can now delete a user-defined report directly from the Reports page. To do so, click > Delete to the right of the report name.
  • Previously, if your user role was assigned to a single Classic device group, the Installed Applications report was not limited to the device group's devices when the report was exported. This issue is now fixed.

  • When the Application Persistence report was opened from the Application Health widget, or the Application Persistence Events report was opened from the Repairs and Reinstalls widget, the reports opened with the correct filters, but they only showed the columns for BitLocker and SCCM. This issue is now fixed.


  • Users no longer receive multiple email notifications when a single location change occurs on a device.
  • Previously, in some cases, Operating system updated events were triggered when no actual change occurred. If a rule was based on this event, this issue caused multiple false email notifications to be sent. This issue is now fixed.
  • When the Absolute agent makes a self healing call that triggers a rule, the email notification is now sent in a more timely manner.

SIEM integration

  • Previously, you could not successfully install the SIEM Connector if you entered one or more IP addresses in the Approved IP Address field of the API token. This issue is now fixed.

User Management and permissions

  • The Geofences permission has been removed from all user roles. The ability to view and work with geofences in the Rules area is now controlled by View and Manage permissions for Rules.
  • Previously, roles with only View permissions for both Policies and Insights were able to change the configuration of the Include Application Usage data setting for the Installed Applications policy on a policy group's Settings page. This issue is now fixed. The setting is now grayed out for these roles.

  • Custom roles based on one of the following roles and also granted View permissions for Endpoint Data Discovery reports can now view a device's EDD Summary page:

    • Security Power User
    • Power User
    • Guest User


  • The Windows Image Prep Tool has been updated to support the new core agent installer package (AbsoluteWinCoreAgent-<agent version>-<account_id>.zip ). Learn more

Web Usage

  • When filtering the Web Subscriptions report by Average Usage, the usage time is now entered in hours and minutes, not seconds.
  • The following Custom Field columns can no longer be added to the Web Usage (Last 7 Days) report: Classroom, Grade Level, Program Type, School, and User Type.

    NOTE  These columns were available to select accounts only.


  • Devices with an encryption status set to Used Space Encrypted, which is a new status, are eligible for Cryptographic Wipe.