Product Update 5.9.0.0 - September 22, 2022

This note is for customers who meet the following criteria:

  • Protected Theater is hosting images that use UEFI as the boot method

  • Protected Theater is on a version earlier than 4.9.0.0/5.9.0.0 that needs to be updated

Before starting the upgrade, we strongly recommend that you take a snapshot of the PT VM. Also note that versions prior to 4.10.0.0 are EoSL as per Security Validation Software Version Support, so we also recommend that you upgrade to the latest available Security Validation release.


When UEFI is used as the boot method, Protected Theater versions before 4.9.0.0/5.9.0.0 were continually accumulating snapshots. As of 4.9.0.0/5.9.0.0, only a single snapshot layer is being maintained, with all prior snapshots being folded into that single disk layer. Before upgrading, check the available disk space on the volume storing the PT’s images to determine if there’s enough free space to successfully perform the upgrade.


To complete a PT upgrade to 4.9.0.0/5.9.0.0, or higher, from a version prior to 4.9.0.0/5.9.0.0:    

  1. Take a snapshot of the PT VM.

  2. Check the number of snapshots & disk space required. To do this,

    1. Look in the /opt/apps/verodin/node/images directory & identify files that have a ten-digit number at the end of their filename. These are the snapshot layers that will get folded together into a single snapshot layer file on upgrade.

    2. Calculate the disk space required for the upgrade by adding up the file sizes of all the snapshot layers. Round up slightly to ensure a buffer of available disk space.

  3. Add disk space, if necessary.

    1. If the sum total of all snapshot layers (calculated in step 2) is greater than or close to the amount of free disk space remaining on the PT volume holding the images, increase the volume's disk space.

    2. If the sum total of all snapshot layers (calculated in step 2) is less than the amount of free disk space, continue to the upgrade step.

  4. Perform the PT upgrade.

  5. Once the upgrade has completed, any disk space added to accomplish the upgrade can be reclaimed.

If you need any assistance with this process, please contact your TSC or CSM.
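
One way to script steps 2 and 3 of the procedure above, as an added example that is not part of the original note or of Mandiant's tooling. The directory is the one named in the note; the 10% buffer and the reading of "ten-digit number" as exactly ten trailing digits are assumptions.

```shell
#!/bin/bash
# Added example: pre-upgrade check for UEFI snapshot layers on a Protected Theater.
# The images directory is the one named in the note; override with IMAGES_DIR.
IMAGES_DIR="${IMAGES_DIR:-/opt/apps/verodin/node/images}"

# Print the combined size in bytes of files whose names end in a ten-digit number.
# Assumption: "ten-digit" means exactly ten trailing digits after a non-digit.
snapshot_layer_bytes() {
    local dir="$1" total=0 f size
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        case "${f##*/}" in
            *[!0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]) ;;
            *) continue ;;
        esac
        size=$(wc -c < "$f") || continue   # apparent file size
        total=$((total + size))
    done
    echo "$total"
}

# Print the free bytes on the volume holding $1 (df -P keeps one line per filesystem).
free_bytes() {
    local avail_kb
    avail_kb=$(df -Pk "$1" | awk 'NR == 2 { print $4 }')
    echo $((avail_kb * 1024))
}

# Succeed only if free space covers the layers plus a buffer (default 10%, an assumption).
enough_space() {
    local need="$1" free="$2" buffer_pct="${3:-10}"
    [ "$free" -ge $((need + need * buffer_pct / 100)) ]
}

check_upgrade_space() {
    local need free
    need=$(snapshot_layer_bytes "$1")
    free=$(free_bytes "$1")
    echo "snapshot layers: $need bytes, free on volume: $free bytes"
    if enough_space "$need" "$free"; then
        echo "OK: enough free space, continue to the upgrade step"
    else
        echo "ADD DISK: layer total is greater than or close to free space"
        return 1
    fi
}

if [ -d "$IMAGES_DIR" ]; then check_upgrade_space "$IMAGES_DIR"; fi
```

Run it on the PT VM before the upgrade; a non-zero exit status means the volume should be grown first.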

The Mandiant Advantage Security Validation (MA-SV) team is pleased to announce version 5.9.0.0 of the MA-SV platform.  

General Enhancements 

  • GMail API now available as an option for Email Action notifications
  • Enhancements to email-specific integration queries when searching for events upon completion of Action
  • Failures to connect to proxy now show error result and are no longer blocked

Bug Fixes

  • Fixed an issue when inspecting PCAP for A101-300 on a SAAS Director
  • Corrected Job Status Filter date/time not matching results
  • Fixed an issue with deleting a Protected Theater while connected to Protected Actor returning to Protected Theater screen
  • Resolved Job Status Filter date/time not matching results
  • Fixed VRegister failure to escape proxy password
  • Resolved urllib3 errors when parsing proxy url
  • Corrected http_ntlm not working with Windows Endpoint Actors
  • Fixed issues in SEP Integration
  • Fixed issue with Network Actors reporting inability to see Cloud Actor
  • Fixed issue with backups persisting applied patches during Director restore
  • Protected rule sets updated for Defender ATP
  • Fixed Zscaler file download A100-362 failures due to 'non-RFC compliant traffic'
  • Corrected issue with AEDA Configuration sleep time configuration
  • Correctly resolve OOM Job Processor Errors
  • Resolved 500 Internal Server Error issue under certain Director update scenarios
  • Return expected Results when Scheduling repeating Bulk Evaluations
  • Fixed issue with bulk scheduled repeating jobs not working
  • Customer Report now correctly displays in older versions of MSV
  • Update to MSV Linux Actor Standalone Installer Readme
  • Fixed issue with Cybereason integration error handling
  • Resolved issue with Host CLI commands not displaying correctly
  • Corrected issue where certain job logs could contain plaintext data
  • Director UI now correctly shows "Out of Disk Space" error message when a backup fails 
  • External snapshots for UEFI-boot PT guests no longer persist
  • Corrected Drag and Drop Actions from Unassigned to Current in Queue
  • MSV no longer sending the hostname of the source Actor as the login ID when using the http_kerberos proxy type 
  • Fixed Microsoft Sentinel integration alerts
  • Resolved Zscaler proxy issues when using SAML auth
  • Corrected AEDA Monitor Evaluation Job failure handling  
  • Scheduled Jobs no longer removed when canceled
  • Fixed issue where large bulk jobs failed to execute on a large subset of suitable Actors (but ran fine if run individually)