Secure Endpoint release notes - Version 9.1 hotfixes

In addition to monthly security updates, this topic describes the software changes included in all hotfixes since the release of Secure Endpoint 9.1.

To view the software changes that apply to the Secure Endpoint Agent, see the Secure Endpoint Agent release notes - Version 9.1 hotfixes.

Depending on the Absolute product licenses associated with your account, some of the following features, enhancements, and fixes may not be available to you.

December 2024 improvements and fixes

Feature/Area	Details
Application Health	The SNG component A lightweight software component of the Secure Endpoint Agent that detects software applications installed on a device. The SNG component is deployed on a device only when the device is associated with a policy group in which the Installed Software policy is activated. of the Secure Endpoint Agent is now responsible for collecting application health information. As a result of this enhancement: The OPS component is no longer required. It has been removed from devices that are actively connecting to the Absolute Monitoring Center. In each policy group, the Include Health data option no longer shows under the Installed Applications policy, as it is no longer required. Now, when a device is assigned an Absolute Resilience license1, application health information is collected automatically when the Installed Applications policy is activated. The health status of anti-malware and full-disk encryption applications is now more consistently reported across all applicable pages in the console, such as the Installed Applications report and each device’s Device Details page. If the application has an Encryption status of Used Space Encrypted, Encryption In Progress, or Decryption in Progress in the Full Disk Encryption Status report, the application health status will be reported as Unhealthy. The following unhealthy reasons have been added: Anti-malware definition out of date Anti-malware not active File not trusted by OS Not fully encrypted The following unhealthy reasons no longer apply: Application not running One or more files not signed Real-time protection disabled These changes are only available on devices running Secure Endpoint Agent 9.1.0.1 or higher.
Freeze	Previously, in some cases, you couldn’t enter the unfreeze code on a frozen Mac device. This occurred when the Freeze message wasn’t the active window, so it wouldn’t accept keyboard input. This issue is now fixed. The Freeze message is now always the active window.
Geolocation Tracking	GPS is no longer available for selection when you add the Geolocation technology > Type filter to a device report or page. GPS locations are included in the OS Location type.
Investigations and Geolocation	Device location information is now hidden for devices with an active theft report that was opened before the release of Secure Endpoint 9.1.0.2 at the end of October. For more information, see the details in the previous release.
Insights	For those customers that purchased Absolute Insights add-on licenses, Insights has been replaced by an in-console user experience, which is available via a beta program. As a result: The Insights link has been removed from the navigation bar. The Insights permission has been removed from the list of permissions shown in the User Management area.
License management	Previously, when viewing the report of ineligible devices for a policy in the Policies > Policy Groups area, the report may have contained incorrect results if some devices were assigned multiple licenses. This issue is now fixed.
Rules	If you edit an Action rule by replacing Device location with another device state, and the Show device location on map option is selected for the Email action, the rule is now saved successfully. If an Action rule contains a Device location condition, you can no longer add the Reported Stolen is Yes condition to the rule. When you add the Reported Stolen is Yes condition to an Action rule, the following actions, which are not supported on stolen devices, are no longer available for selection: Freeze Run script Send message
Secure Endpoint Agent	The full agent installers for Windows and Mac no longer include the OPS component. Also see Application Health. The Secure Endpoint Agent now supports communication over IPv6-enabled networks. If IPv6 is enabled for your network: Your devices' Local IPv6 address and Public IPv6 address fields are now populated. Geolocation based on a device’s public IPv6 address is now available. The IPv6 address field for each network adapter is now populated. You can now filter reports and smart device groups by IPv6 address. You can create Alert and Action rules based on IPv6 address.
Wipe	In some rare cases, a Windows device may have failed to reboot after a Cryptographic Wipe was completed. As a result, the OS wasn’t disabled, and the device could be decrypted using the old BitLocker recovery key. This issue is now fixed. Previously, when you created a Delete All Files Wipe request and selected the Disable the Windows OS option, the device may have failed to reboot and the operating system was not disabled. This issue is now fixed.

Late October 2024 improvements and fixes

Feature/Area	Details
Action rules (New!)	In the Policies > Rules area, you can now configure and activate a rule that automatically triggers one or more actions when a device state change event is logged to Event History. Action rules support the following actions: Change policy group Freeze Run script Send message Email Learn more
Agent Management Tool for Mac	The Agent Management Tool for Mac has been updated to support devices running macOS 15. Tool functionality remains unchanged, but its file name has changed from DDSInfo to AbtMT. To verify installation of the Secure Endpoint Agent for Mac, or to force a call, download the new version of the tool.
Application Resilience	The Report, repair and reinstall option is now available for Microsoft Defender for Endpoint. When this option is selected, you can upload a local onboarding script that will onboard a device if it's not onboarded. Learn more
Device Details	Theft report events are now shown on a device's History page.
History > Actions	In the request overview dialog on the Actions page, the Scheduled date for a Scheduled Freeze request is now shown in local device time.
History > Events	The following event is now logged to Event History: Failed to add device to policy group This event is logged only when a device fails to move to the specified policy group when an Action rule is triggered. The following events are now logged to Event History for Offline Freeze rules: Offline freeze set Device freeze failed Device freeze removed by passcode The following event is now logged to Event History for Scheduled Freeze requests: Scheduled freeze ready Theft report events now show more information in the Summary area of the Events page, such as: The status of the theft report The reason for the theft report status The police report file name (if it was uploaded later) Previously, in some rare cases, when an Agent self healing call event was logged, a duplicate event was logged two months later. This issue is now fixed. Previously, for accounts with a very large number of devices, attempts to filter the Events page may have failed to generate any results because the request took too long to be processed. This issue is now less likely to occur.
Investigations and Geolocation	For the safety of Absolute customers, and to maintain the integrity of the theft investigation, a stolen device's location is now hidden until the Investigations team closes the theft investigation. Specifically, a stolen device's location is no longer visible in the following areas of the console: Device Details: Overview History Location History Map view of any report or page that lists devices Geolocation-related report columns History > Events page (geolocation-related events are not logged) This enhancement also applies to queries to the Absolute API. After the investigation is closed, the device's current location shows in the console. Note that location information that was collected during the investigation is not included in the device's location history. This enhancement only applies to devices that are reported stolen after the release of Secure Endpoint 9.1.0.2 at the end of October. Devices with existing theft reports are not affected.
License management	In the License Management area, the Report on Products page is now available for accounts with license types that do not limit enrollment, such as site licenses and Enterprise License Agreements. Note that since the Available column is not applicable to these license types, it is hidden. If a device in the Global Policy Group is frozen by an Offline Freeze rule when its license is changed, the device now remains frozen.
Policy groups	To delete a policy group that is referenced in an Action rule, your user role needs the Manage permission for Rules. Note that deleting the policy group automatically deactivates the rule.
Reach scripts	To edit a custom script that is referenced in an Action rule, your user role needs to be granted the Manage permission for Rules. If you can't or don't want to edit the script, you can now Make a copy of the script and edit the copy. Learn more To delete a custom script that is referenced in an Action rule, your user role needs to be granted the Manage permission for Rules to delete the script. Note that deleting the script automatically deactivates the rule.
Reporting	Previously, the (Remove filter) icon may have been obscured if the width of the filter fields exceeded the width of the dialog (for example, using the between operator with a long filter name). This issue is now fixed. Previously, using the SHIFT key to select consecutive items in some large reports may have produced unexpected results. This issue is now fixed.
Third-party integrations	Absolute Secure Endpoint can now be integrated with Forescout^® eyeSight using the Absolute Connector for Forescout eyeSight. This integration allows Forescout Console users to: View Absolute data points in the Forescout Console. Configure policies based on Absolute data points to assess the compliance status of devices before granting access to corporate resources. Configure policies that trigger a Freeze, Send Message, or Remove Freeze action when a specified condition is met. Learn more

Early October 2024 improvements and fixes

Feature/Area	Details
Application Resilience	A new option, Do not reinstall or upgrade if the app is already installed, is now available when you’re configuring the Report, Repair, and Reinstall option for the following applications: Microsoft SCCM Tanium Deep Instinct VMware Workspace ONE
Bulk actions	Previously, if you uploaded a file of device identifiers and submitted a bulk device action, such as a Freeze, the action may have failed unexpectedly, or its status may have been reported inconsistently in different areas of the console. This issue is now fixed. This issue only applies to accounts in the EU data center (cc.eu2.absolute.com).
Chromebook support	A new version of the Chromebook extension has been released. Version 2657 of the extension now receives messages using the latest Google Cloud Messaging API, which offers enhanced security and customization. On Chromebooks running Chrome OS version 120 or lower, a small notification now shows momentarily when the device receives a message, such as a Freeze request, from the server.
Device groups	Previously, an incomplete list of device groups may have been shown in the device groups drop down menu in the following areas in the console: User management: assigning a device group to a user Custom fields > View and edit device fields: selecting a device group Bulk device action: assigning devices to an existing device group Device Analytics report: adding device groups to a new report This issue is now fixed. Previously, deleting a smart group and then navigating to the Device Details > Groups page of any of the group’s devices resulted in a runtime error. This issue is now fixed.
History > Events	In the Summary area for a Send Message request, Message name has been changed to Message request name to more accurately reflect the information provided.
Geolocation	To help you identify devices that are failing to report a Wi-Fi location, a new filter, Geolocation technology > Wi-Fi error, can now be added to device reports. A corresponding report column is also available. For example, you can use the new filter to identify Mac devices that are not reporting a Wi-Fi location because the device user did not allow Absolute Secure Endpoint to collect location information. Learn more On the Location History page in Device Details, the Last known location field now shows the date and time when the location was detected on the device, not the time the location information was uploaded. To improve the accuracy of a device's reported location, the location date and time now corresponds to when the location scan ended on a device, not when it started.
License management	If a device that is assigned a Lenovo Security Assurance license is unenrolled, it is now automatically reassigned the Lenovo Security Assurance license when it is re-enrolled. When a device's license is removed due to a license buyback agreement, an equivalent license, if available, is now automatically assigned to the device. The console banner that shows when licenses are due to expire in the next 30 days no longer includes devices with an expired license when the device’s status is one of the following: Frozen Missing Reported stolen To ensure that all unlicensed devices are shown in the report that opens when you click View devices in the unlicensed devices banner, the following filter has been added to the report: Final license expiration date is empty. Learn more
Reach scripts	The following script is now available in the Script library: Dell Trusted Device Import. You can run this script to inspect a Dell Trusted Device Agent installation, and then show the results in Custom Fields in the console. For more information about running this script, view the script in the Script library.
Reports	To improve the reporting of a device's most recent agent connection: The Last connected field and report column now shows the date and time when the component manager The component manager (also known as CTES) is installed on top of the core agent and manages the agent components responsible for initiating device actions and collecting device data. Most agent components are controlled by policies, such as the Hardware and Installed Applications policies. The component manager typically connects to the Absolute Monitoring Center every 15 minutes, at a minumum, to send device data and receive instructions. last connected to the Absolute Monitoring Center. Previously, it also included core agent connections. For online devices, connections by the component manager typically occur every 15 minutes, at a minimum. A new report column, Last core agent connection, is available. This column shows the date and time when the core agent The core agent (also known as rpcnet) is a small software client that resides in devices that are managed in the Secure Endpoint Console. After the core agent is initially installed on a new device, it is activated with its first connection to the Absolute Monitoring Center and the device is enrolled in Absolute. The core agent then makes scheduled connections every 24.5 hours. last connected to the Absolute Monitoring Center. For online devices, core agent connections typically occur every 24.5 hours. You can add the Last core agent connection column to any device report using > Edit columns. The Last connected field on a device's Device Details page now shows the date and time when the device's component manager last connected to the Absolute Monitoring Center. The Last connected column is no longer a default column in the Upcoming Offline Device Freeze report, but you can add it using > Edit columns. The new Last core agent connection filter and report column have been added as defaults to the Dark Devices report. Note that the addition of the Last core agent connection filter does not change the report results. Learn more
Secure Endpoint Agent	The agent is now supported on devices running the macOS 15 operating system. For devices running macOS 15, Wi-Fi adapter speed can't be detected, so each Wi-Fi adapter's Speed field is empty. Previously, if automatic agent upgrades were disabled, a device may have upgraded to a new agent version if an internal error prevented the system from determining the device's policy group. This issue is now fixed. The device's agent is no longer upgraded.
Settings	If a user's username is too long to be displayed on one line at the top of the Settings menu, it is now truncated with an ellipsis. Hover over the username to view the full username in a tooltip.