Secure Endpoint Agent 11.0 release notes

If automatic agent updates are disabled, you can assign an agent version to your account's Windows and Mac devices to prevent agent upgrades.

To determine if you want to assign agent version 11.0, review this topic to learn about the improvements included in this version of the Secure Endpoint Agent.

To learn about all features, enhancements, and fixes introduced in Secure Endpoint 11.0, see the Secure Endpoint 11.0 release notes.

About the Secure Endpoint Agent

The Secure Endpoint Agent is a small software client that resides on devices that are managed in the Secure Endpoint Console. After the agent is initially installed on a new device, it's activated with the first connection to the Absolute Monitoring Center.

Each agent package includes software specific to its supported operating system, including the agent and its associated agent components, an installer, and a readme file.

System requirements

Secure Endpoint Agent 11.0 supports devices running the following operating systems:

Operating system	Supported versions
Windows	Windows 11: Windows 11 Home Windows 11 Pro Windows 11 Enterprise Windows 11 IoT Enterprise editions Windows 11 SE Note that due to restrictions imposed by Microsoft, the following features aren't supported on Windows 11 SE: Application Resilience: applications that require PowerShell for health checks, unless otherwise noted Custom Data: data points that use PowerShell scripts Reach Scripts: all PowerShell scripts Windows 11 ARM-based devices are supported. Microsoft ended its standard support for Windows 10 on October 14, 2025. We recommend upgrading to Windows 11 for ongoing security updates and full feature support. Windows Server 2022 Datacenter Edition Note that the following features aren't supported on Windows Server 2022 Datacenter Edition: The detection of installed anti-malware applications Device Wipe Geolocation tracking Playbooks (Absolute Rehydrate)
Mac	macOS 14, 15, and 26

Operating system

Supported versions

Windows

Windows 11:
- Windows 11 Home
- Windows 11 Pro
- Windows 11 Enterprise
- Windows 11 IoT Enterprise editions
- Windows 11 SE
  Note that due to restrictions imposed by Microsoft, the following features aren't supported on Windows 11 SE:
  - Application Resilience: applications that require PowerShell for health checks, unless otherwise noted
  - Custom Data: data points that use PowerShell scripts
  - Reach Scripts: all PowerShell scripts
Windows 11 ARM-based devices are supported.

Microsoft ended its standard support for Windows 10 on October 14, 2025. We recommend upgrading to Windows 11 for ongoing security updates and full feature support.
Windows Server 2022 Datacenter Edition

Note that the following features aren't supported on Windows Server 2022 Datacenter Edition:
- The detection of installed anti-malware applications
- Device Wipe
- Geolocation tracking
- Playbooks (Absolute Rehydrate)

Mac

macOS 14, 15, and 26

Latest agent component versions

The following agent components are associated with Secure Endpoint Agent 11.0.0.3:

Agent or component	Windows version	Mac version
Core agent The core agent (also known as rpcnet) is a small software client that resides in devices that are managed in the Secure Endpoint Console. After the core agent is initially installed on a new device, it is activated with its first connection to the Absolute Monitoring Center and the device is enrolled in Absolute. The core agent then makes scheduled connections every 24.5 hours. (rpcnet)	8.6006.0.1245	7002
Component manager The component manager (also known as CTES) is installed on top of the core agent and manages the agent components responsible for initiating device actions and collecting device data. Most agent components are controlled by policies, such as the Hardware and Installed Applications policies. The component manager typically connects to the Absolute Monitoring Center every 15 minutes, at a minumum, to send device data and receive instructions. (CTES)	1.0.0.4058	1.0.0.4058
Core Service (CTESPersistence)	2.0.1.17	1.0.3.14
Anti-Malware (AVP)	1.0.13.19	1.0.11.42
Application Resilience (RAR)	7.16.1.19	N/A
Custom Data (CDC)	1.0.13.56	N/A
Data Discovery (DARAgent)	11.0.2.7	11.0.2.2
Device Usage (DUR)	1.0.10.13	1.0.8.26
End User Messaging (EUM)	1.0.5.20	1.0.4.9
File Delete (SDD)	1.0.9.20	1.0.9.8
Freeze (DFZ)	1.0.10.4	1.0.5.18
Full-Disk Encryption (ESP)	1.0.11.22	1.0.10.26
Geolocation (GEO)	1.0.15.34	1.1.2.57
Hardware (HDP)	2.0.17.27	1.0.13.38
Installed Applications (SNG)	1.0.16.97	1.0.12.27
Manage Supervisor Password and Playbooks (PER)	1.0.8.50	N/A
Reach Script (ANS)	1.0.5.15	1.0.7.5
Web Usage (WMA)	11.0.2.3	N/A
Wipe (SDW)	1.0.8.19	1.0.4.5

You can view the version number of a device's core agent and component manager on its Details > Summary page.

Agent improvements and fixes

Version 11.0.0.4
Version 11.0.0.3
Version 11.0.0.2
Version 11.0.0.1
Version 11.0

Version 11.0.0.4 of the Secure Endpoint Agent includes improvements and fixes to the following agent components:

Component	Component version	Fixes and improvements
Windows
Manage Supervisor Password and Playbooks (PER)	1.0.8.50	Previously, after restarting a device, if the PER component detected an incorrect boot order, it suspended BitLocker, updated the boot order, and did not re-enable BitLocker. This issue is now fixed. BitLocker is no longer suspended unnecessarily, and if it is suspended, it is re-enabled with the next reboot. Previously, device users may have been unexpectedly presented with the BitLocker recovery prompt after their device upgraded to agent version 11.0.0.3 (PER version 1.0.8.47). This issue is now fixed.

Version 11.0.0.3 of the Secure Endpoint Agent includes improvements and fixes to the following agent components:

Component	Component version	Fixes and improvements
Windows
Application Resilience (RAR)	7.16.1.19	Previously, the RAR component could incorrectly report an older version number when scanning certain system files on Windows 11. This issue is now fixed.
Component manager (CTES)	1.0.0.4058	Previously, in certain rare cases, the Secure Endpoint Agent failed to launch device freeze actions due to the use of an incorrect hash type during signature verification. This issue is now fixed.
Core Service (CTESPersistence)	2.0.1.17	Security of the CTESPersistence component has been improved by removing hardcoded internal build-system file paths to prevent potential disclosure of internal infrastructure details. Severity: Low. The CTESPersistence component now correctly detects when it cannot reach search.namequery.com and no proxy is configured. In these cases, it stops trying to impersonate a user for proxy access and logs a clear error indicating that the required download URL could not be reached. Fixed an issue where the CTESPersistence component could not download and install CTES on some FIPS-enabled Windows devices. The CTESPersistence component now uses an updated hashing implementation so it can validate and install older CTES packages while still supporting newer configuration formats.
Data Discovery (DARAgent)	11.0.2.7	The DARAgent component and its bundled third-party libraries have been updated with the latest security fixes and hardening improvements. These updates reduce exposure to memory-safety, input-validation, and null-dereference issues in components used for endpoint scanning and content inspection, including embedded document-filtering libraries. These updates also address several critical and high-severity vulnerabilities in transitive third-party library dependencies, including CVE-2025-15467, CVE-2025-68160, CVE-2025-69419, CVE-2026-25210, CVE-2026-24812, and others.
Hardware (HDP)	2.0.17.27	Fixed an issue where hardware inventory payloads could report WMI errors at the individual field level instead of at the whole class level. The HDP component now treats any WMI error in a class as a failure of the entire class, ensuring those classes are reported only in the error section and omitted from the inventory data. Logging improvement.
Manage Supervisor Password and Playbooks (PER)	1.0.8.47	The PER component has been updated to support automated playbook actions (also known as Absolute Failsafe). Learn more The PER component now resets the partition status on startup so that if it fails to create the recovery partition, it will retry on the next device boot. The PER component now checks whether the installed version of the CTES component supports reboot notifications, avoiding cases where a reboot is required but no prompt is shown to the user. If the CTES version is too old, the PER component now delays the reboot prompt until CTES is upgraded to a supported version. When Windows is reinstalled on a Playbooks provisioned device, the device no longer ends up with two Absolute Bootloader files. The original file is now removed. Logging improvements.
Web Usage (WMA)	11.0.2.3	The WMA component and its dependencies—including OpenSSL, ctescommon, ctescommon-provider, logservice, and message broker—have been updated with the latest security fixes and reliability improvements. These updates also address several critical and high-severity vulnerabilities in transitive third-party library dependencies, including CVE-2025-11187, CVE-2025-15467, CVE-2025-66199, CVE-2025-68160, CVE-2025-69419, and others.
Mac
Component manager (CTES)	1.0.0.4058	The CTES component has been updated to include hardened file permissions for installation and now uses a universal framework binary supporting both Intel and Apple silicon Macs.
Data Discovery (DARAgent)	11.0.2.2	The DARAgent component and its bundled third-party libraries have been updated with the latest security fixes and hardening improvements. These updates reduce exposure to memory-safety, input-validation, and null-dereference issues in components used for endpoint scanning and content inspection, including embedded document-filtering libraries. These updates also address several critical and high-severity vulnerabilities in transitive third-party library dependencies, including CVE-2025-15467, CVE-2025-68160, CVE-2025-69419, CVE-2026-25210, CVE-2026-24812, and others.

Version 11.0.0.2 of the Secure Endpoint Agent includes improvements and fixes to the following agent components:

Component	Component version	Fixes and improvements
Windows
Full-Disk Encryption (ESP)	1.0.11.22	Previously, when BitLocker was disabled on a device and a 64-bit DPAgent process was present, the ESP component failed to complete its encryption scan and the device's Encryption Status was not updated in the console. This issue is now fixed.

Component

Component version

Fixes and improvements

Windows

Full-Disk Encryption

(ESP)

1.0.11.22

Previously, when BitLocker was disabled on a device and a 64-bit DPAgent process was present, the ESP component failed to complete its encryption scan and the device's Encryption Status was not updated in the console. This issue is now fixed.

Version 11.0.0.1 of the Secure Endpoint Agent includes improvements and fixes to the following agent components:

Component	Component version	Fixes and improvements
Windows
Component manager (CTES)	1.0.0.4054	The CTES component was updated to support the new System restart configuration for Playbooks policies. Learn more
Full-Disk Encryption (ESP)	1.0.11.20	Fixed an issue where a Windows Management Instrumentation (WMI) error during an ESP scan could cause some devices to appear as unencrypted even though they were still encrypted. When these WMI management exceptions occur, the scan is now halted and no encryption payload is generated, preventing an incorrect encryption status from being reported.
Freeze (DFZ)	1.0.10.4	The DFZ component was updated to support a new configuration for accounts that use Citrix for remote access. Learn more
Manage Supervisor Password and Playbooks (PER)	1.0.8.10	The PER component was updated to support the new System restart configuration for Playbooks policies. Learn more
Mac
Anti-Malware (AVP)	1.0.11.42	The AVP component is now automatically restarted when the Secure Endpoint Agent detects that it is not running. This enhancement ensures that telemetry payloads are reliably sent immediately after device enrollment without requiring a manual reboot.
Device Usage (DUR)	1.0.8.26	To allow Wi-Fi information to be collected from a device, the DUR component was updated to ensure that the Absolute Secure Endpoint would like to use your current location prompt is shown to the device user as soon as the device is enrolled.
Full-Disk Encryption (ESP)	1.0.10.26	The ESP component is now automatically restarted when the Secure Endpoint Agent detects that it is not running. This enhancement ensures that telemetry payloads are reliably sent immediately after device enrollment without requiring a manual reboot.
Geolocation (GEO)	1.1.2.57	To allow Wi-Fi information to be collected from a device, the GEO component was updated to ensure that the Absolute Secure Endpoint would like to use your current location prompt is shown to the device user as soon as the device is enrolled. Logging improvement.
Hardware (HDP)	1.0.13.38	To allow Wi-Fi information to be collected from a device, the HDP component was updated to ensure that the Absolute Secure Endpoint would like to use your current location prompt is shown to the device user as soon as the device is enrolled.
Installed Applications (SNG)	1.0.12.27	The SNG component is now automatically restarted when the Secure Endpoint Agent detects that it is not running. This enhancement ensures that telemetry payloads are reliably sent immediately after device enrollment without requiring a manual reboot.

Version 11.0 of the Secure Endpoint Agent includes improvements and fixes to the following agent components:

Component	Component version	Fixes and improvements
Windows
Anti-Malware (AVP)	1.0.13.19	Security improvements.
Application Resilience (RAR)	7.16.1.17
Component manager (CTES)	1.0.0.4045
Custom Data Collector (CDC)	1.0.13.56
Data Discovery (DARAgent)	11.0.0.6
Device Usage (DUR)	1.0.10.13
Full-Disk Encryption (ESP)	1.0.11.18
Geolocation (GEO)	1.0.15.34
Hardware (HDP)	2.0.17.25	Stability, security, and logging improvements.
Installed Applications (SNG)	1.0.16.97	The SNG component has been updated to support scanning on Windows Server 2022. Fixed an issue where full scans could be significantly delayed on a device when no user was logged in after certain policy changes, causing SNG payloads to be missed for an extended period. Full scans are now scheduled correctly and payloads continue to be sent on a predictable cadence even when devices are not in active use. Fixed an issue where devices could experience frequent CPU spikes from the WmiPrvSE.exe process due to WMI polling. Performance, security, and logging improvements.
Manage Supervisor Password and Playbooks (PER)	1.0.7.59	Fixed an issue where BitLocker Drive Encryption, which was paused by the PER component, failed to resume encrypting the drive after the component had finished provisioning the device. Running a playbook on a device no longer suspends BitLocker. After a user-initiated Run playbook request is processed on a device, a new passcode is now automatically generated in preparation for the next request. Logging improvements.
Web Usage (WMA)	11.0.1.2	Security improvement.
Mac
Component manager (CTES)	1.0.0.4045	Security improvements.
Data Discovery (DARAgent)	11.0.0.10	Security improvement.
Device Usage (DUR)	1.0.8.24	For devices running macOS 14.8.2 or higher, the SSID is no longer missing or redacted in Lock and Unlock events reported on each device's Usage page. Security improvement.
Geolocation (GEO)	1.1.2.49	When the GEO component scanned a device following a device restart, the GEO payload may have failed to include the list of detected Wi-Fi access points, and no error was logged. This issue is now fixed.
Installed Applications (SNG)	1.0.12.26	Security improvement.