Secure Endpoint 9.1 release notes

This topic describes the software changes included in Secure Endpoint 9.1.

This release introduces performance, security, data integrity, and usability improvements that enhance the responsiveness, reliability, and ease of use of the system. It also introduces enhancements, improvements, and fixes to existing features and functionality.

To view the software changes introduced in this release that apply to the Secure Endpoint Agent, see the Secure Endpoint Agent 9.1 release notes.

Depending on the Absolute product licenses associated with your account, some of the following features, enhancements, and fixes may not be available to you.

Features and enhancements

The following enhancements have been added to the EDD feature:

  • The following improvements have been added to the Device Details > EDD Summary page:
    • Each device's EDD Summary page has been updated to improve usability and introduce a more modern look. The file details dialog that opens when you click a file name on this page has also been updated.
    • You can now work with the EDD Summary page in the following ways:
      • Add and remove columns
      • Filter the data by Match Score and EDD rule
      • Save the page as a report
      • Export the page
      • To delete a file from a device, click the file name to view its file details and then click Delete file from this device.

      Learn more

  • When an EDD matched token includes special characters, the calculated Match Score now more closely aligns with expectations. For example, a date in the format dd/mm/yyyy now has a Match Score of 1 instead of 3.

Also see Feature at end-of-life.

The following enhancements have been added to User Management:

  • When a new user first logs in to the Secure Endpoint Console, their user preferences are now automatically set to the language, locale, and time zone set in their web browser. Administrators no longer need to set user preferences for a user. At any time, the user can update their user preferences in their user profile.

    As a result of this enhancement, the following fields have been removed from the Invite user and Edit user dialogs in the User Management area:

    • Default User Language and Locale
    • Default Time Zone

    On the Edit user dialog, the time zone currently applied to the user's profile shows under User preferences.

  • To improve security, session timeout due to inactivity is now set to 20 minutes for all users in all accounts, and it is no longer configurable. As a result, the Console Session Timeout field has been removed from all user profiles.
  • The Edit user dialog now shows the date and time when the user last logged in.
  • The Invite user and Edit user dialogs now have a cleaner look, and all settings are now shown on one page.

The following events are now logged to Event History:

  • Agent status updated
  • License updated on device
  • License assignment settings updated
  • Policy group created
  • Policy group updated
  • Policy group deleted
  • Device added to policy group
  • Purchase order added
  • Purchase order updated
  • Purchase order expired
  • Theft report closed
  • Theft report reopened

If desired, you can create an Alert rule based on any of these new events.

Policy group, purchase order, and license events are logged for accounts that have been migrated to version 2 of the License Management feature. If your account has not yet been migrated, these events are not logged.

Also note that in the current release, you can't create an Alert rule based on any of the purchase order events. This capability will be added in a future release.

The following Absolute script is now available in the Script Library:

  • Force an agent call

The script is available for both Windows (PowerShell script) and Mac (Bash script) devices.

Features at or nearing end-of-life

Absolute has retired the following Endpoint Data Discovery (EDD) features:

Feature Details
History report

The pre-defined History report has been retired. The link to this report is no longer available under Data Visibility in the Reports area.

Also, all user-defined reports based on the History report have also been retired. The links to these reports are no longer available under My Reports or Data Visibility in the Reports area.

To monitor devices with at-risk file content, use the other Data Visibility reports, or each device's EDD Summary page.
Exclude files from EDD reporting

The File Actions menu, which contained the following options, has been removed from the EDD Summary page in Device Details:

  • Ignore on all devices
  • Report
  • Delete file...

As a result, the following interface elements are also removed from this page:

  • Show ignored files checkbox
  • Reporting Status column in each EDD rule section

In an upcoming release of Absolute Secure Endpoint, Absolute plans to retire the following features because device action requests are more easily tracked using the History area of the console:

Feature Details
Event History report

The pre-defined Event History report will be retired, and the link to this report will be removed from the Events report category in the Reports area. All user-defined reports based on the Event History report will also be retired.

After the report and page are retired, you can track actions as follows:

  • Go to Action History to track your Freeze and Run Script requests.

  • Go to Event History to track your Manage Supervisor Password requests and triggered Offline Freeze rules.
Device Details > Event History page

The Event History page in a device's Device Details will be retired.

After the page is retired, you can track a device's actions as follows:

  • Go to the device's Actions tab to track its Freeze and Run Script requests.

  • Go to the device's History tab to track its Manage Supervisor Password requests and triggered Offline Freeze rules.

Improvements and fixes

Absolute 9.1 introduces the following improvements and fixes:

Feature/Area Details
API management
  • Previously, only the user that created an API token could view, edit, and delete an API token. Now, all users assigned to the default System Administrator role can view, edit, and delete all API tokens that belong to the account. Note that if the user associated with a token is suspended, a default System Administrator can delete, but not edit, the token.
  • API tokens are now sorted to show tokens with the earliest expiry date first, so that you can quickly see tokens that have expired or will expire soon. In addition, Expired and Suspended labels now help you review API token status at-a-glance.
Application Resilience
  • For added security and improved interoperability, all PowerShell scripts that are used to run Application Resilience health checks are now signed by Absolute. Previously, the scripts for only some resilient applications were signed.
  • When a device is enrolled in Microsoft Intune and a script error occurs during the application's health check, the device's application Status now shows Compliant instead of Not Compliant.
  • Previously, the Application Resilience widget may have timed out and failed to load data if there was a large amount of data. This issue is now fixed.
Applications
  • Previously, if Panda Dome was installed on a Windows device, its version number may have been reported incorrectly in Application pages and reports. This issue is now fixed.
Authentication
  • After creating or resetting a password, you are now redirected to the correct login page for your data center.
Chromebook support

  • A new Chromebook extension has been released. Version 2653 of the extension includes the following improvements:

    • If a looped audio or video file is playing on a Chromebook device over an extended period of time, the minutes of detected device usage are now more accurate.
    • Performance and logging improvements
Custom Data
  • To help you identify devices impacted by the system crash caused by the CrowdStrike configuration update on July 19, 2024, a new default data point, CrowdStrike C-00000291, was made available on July 29, 2024. Learn more
  • If an Absolute Resilience product is not associated with your account, the Custom Data page no longer includes the following items, which are not supported for your product:
    • Download Builder link
    • Create data points button
Dashboard
  • Previously, if you updated the quick filter shown on the following widgets, the widget data didn't update until you manually refreshed the page:
    • Dark Devices widget
    • Encryption Status
    • Repairs and Reinstall

    This issue is fixed. The widget data now updates automatically.
Device actions
  • When performing any action available in the Device Actions menu, such as Freeze, Delete file, Change license, and Change policy group, the "save" button now shows the total number of devices that the action will be performed on.

    For example: Freeze 7 devices
Email services
  • The Absolute logo is no longer a broken image in Missing Device Checked In email notifications.
  • To simplify the map in the email notification for a triggered Location rule, markers for secondary locations have been removed and now only the primary location marker shows.
Endpoint Data Discovery (EDD)
  • The following fixes were added to the Endpoint Data Discovery section on the Device Details > Policies page:
    • If a device is newly enrolled, the page now shows the correct next delta scan date, instead of Jan 1, 1970.
    • Clicking show details next to a failed delta scan warning now opens a dialog showing the failure reason instead of an internal error.
Freeze
  • When scheduling a Freeze, Device local time is now shown next to the On or after a certain date option to indicate that the date and time fields are applied in the device's time zone (for example, if you select 13:00, the message will show on the device at 1 p.m. local time).
  • If you create a new message while submitting a Freeze request, you can now edit the name of message. The message name is assigned to the message template when you select the Add the message to library option.
  • Previously, after you unfroze a Mac device using its unfreeze code, the desktop may have been shown instead of the Mac login screen. This issue is now fixed.
Full Disk Encryption Status
  • If Windows cancels a WMI call while a Full Disk Encryption Status scan was in progress, the device's Encryption Status is no longer erroneously reported as Unencrypted.

  • Previously, a Windows device's BitLocker Drive Encryption version number may have been reported incorrectly in reports and the device's Device Details page. This issue is now fixed.
Geolocation on Mac devices
  • The Geolocation Tracking feature now uses Apple Core Location to detect Wi-Fi locations on Mac devices.

    Note that after this enhancement is deployed, each device user will be presented with a dialog containing the following prompt: "Absolute Secure Endpoint" would like to use your current location.

    For Wi-Fi locations to be collected, all device users need to click Allow in this dialog. The dialog is displayed only once to each device user.

    Note that if a user clicks Don't Allow, Wi-Fi locations will not be collected when that user is logged in. To fix this issue, instruct the user to go to System Settings > Privacy & Security > Location Services and turn on Location Services for Absolute Secure Endpoint. For more information about turning on Location Services for an application, see Apple documentation.

    Also note that when no users are logged in to a Mac device, Wi-Fi locations are not collected.
Hardware data collection
  • Previously, a Windows device's disk serial number may have erroneously updated to a blank value in the console, which may have triggered an alert. This issue is now fixed.
  • After an OS upgrade on a Mac device , the new OS version is now reported instead of the previous version.
History > Events
  • When you export a report of User login events, the report now shows the IP address associated with each event.
History > Action Requests
  • For Send Message requests that are not scheduled for a future date, the request summary of each request now shows Created <date and time> by <user> instead of Scheduled < date and time> by <user>.
  • When you filter the Action Requests page by Delete File or Unenroll actions, you can no longer create a scheduled report based on the filtered page. As a result, the icon has been removed from the action toolbar in the filtered view of the page.
License management
  • Your account's License enforcement status is now shown on the License Assignment Settings dialog. Possible statuses are:
    • Enabled: applies to all standard license types that limit enrollment
    • Disabled: applies to license types that do not limit enrollment, such as site licenses and Enterprise License Agreements
Reach Scripts
  • When a Windows device's preferred language is set to Japanese:
    • Running the following script on the device resulted in an empty output file: Collect information about files from a specified folder. This issue is now fixed.
    • Script parameters that contain unicode characters are now displayed correctly on the device.
Reports

  • When scheduling a report, you can now select a time in addition to the date. The default time is 12:00 a.m. in the user's time zone.

    Note that scheduled reports are generated on the hour (for example, UTC-08:00). If your user profile is set to a time zone that has a 15, 30, or 45 minute offset from UTC, report generation is delayed until the next full hour.
Rules
  • Custom rules have been renamed and are now labeled Alert rules.
SCIM integration
  • SCIM integration now officially supports the following IdPs:
    • ForgeRock
    • OneLogin
    • PingOne
Send message

  • When creating a Send message request, the request name is required. If you leave the request name field blank, the field is populated with the default request name, Message - <date>.

    If the requestTitle parameter is left blank when creating a Send message request using the POST /actions/requests/eum endpoint, the request name is also populated with the default request name.

  • When scheduling a Send message request, Device local time is now shown next to the On or after a certain date option to indicate that the date and time fields are applied in the device's time zone (for example, if you select 13:00, the message will show on the device at 1 p.m. local time).
  • Because the Has Service Guarantee custom field is not editable, the following options are no longer available when you add this field to a message:
    • Required input
    • Input
Unenroll Device
  • Before submitting a new Unenroll Device request, you must now select a Confirmation checkbox to acknowledge that the action can't be canceled or undone after it is submitted. You can also review the list of selected devices.
User Management and permissions
  • If your user role is not granted View or Manage permissions for Authentication, you can no longer view the Authentication settings page in the Settings area. If your user role is granted the View permission only, the Enable and Disable buttons shown in each section on the page are now grayed out.