Product Update 5.9.1.0 - November 1, 2022

This note is for customers who meet the following criteria:

  • Protected Theater is hosting images that use UEFI as the boot method

  • Protected Theater is on a version earlier than 4.9.0.0/5.9.0.0 that needs to be updated

Before starting the upgrade, we strongly recommend that you take a snapshot of the PT VM first. Also, take note that that versions prior to 4.10.0.0 are EoSL as per Security Validation Software Version Support, so we also recommend that you upgrade to the latest available Security Validation release.


When UEFI is used as the boot method, Protected Theater versions before 4.9.0.0/5.9.0.0 were continually accumulating snapshots. As of 4.9.0.0/5.9.0.0, only a single snapshot layer is being maintained, with all prior snapshots being folded into that single disk layer. Before upgrading, check the available disk space on the volume storing the PT’s images to determine if there’s enough free space to successfully perform the upgrade.


To complete a PT upgrade to 4.9.0.0/5.9.0.0, or higher, from a version prior to 4.9.0.0/5.9.0.0:    

  1. Take a snapshot of the PT VM.

  2. Check the number of snapshots & disk space required. To do this,

    1. Look in the /opt/apps/verodin/node/images directory & identify files that have a ten-digit number at the end of their filename. These are the snapshot layers that will get folded together into a single snapshot layer file on upgrade.

    2. Calculate the disk space required for the upgrade by adding up the file sizes of all the snapshot layers. Round up slightly to ensure a buffer of available disk space.

  3. Add disk space, if necessary.

    1. If the sum total of all snapshot layers (from 1a) is greater than or close to the amount of free disk space remaining on the PT volume holding the images, increase the volume's disk space.

    2. If the sum total of all snapshot layers (from 1a) is less than the amount of free disk space, continue to the upgrade step. 

  4. Perform the PT upgrade.

  5. Once the upgrade has completed, any disk space added to accomplish the upgrade can be reclaimed.

If you need any assistance with this process, please contact your TSC or CSM.

The Mandiant Advantage Security Validation (MA-SV) team is pleased to announce version 5.9.1.0 of the MA-SV platform.

General Enhancements 

  • Exposed SMTP ID of emails sent by jobs in Email Theater.

Bug Fixes 

  • Resolved Report Builder charts time zone configuration issues.
  • Fixed Report layout issues when Heat Map cells contain long actor names. 
  • Addressed issue with Active Directory groups syncing with Google authentication. 
  • Push Actor NGINX config body size now large enough to support actor update size increase. 
  • Fixed issue with CTTA job queues. 
  • Corrected host CLI action errors for local Defender log search. 
  • Paused state integrations no longer support query. 
  • Addressed WIN10 Endpoint Actors file dependency issue. 
  • Corrected issue with newly scheduled repeating jobs in UI. 
  • Fixed HTTPS/HTTP connection issues failing under certain conditions. 
  • Improved performance of drag/drop actions. 
  • Addressed threat intelligence data load failures in TAAM.  
  • Content pack screen now correctly attributes user performing upload.
© Copyright Mandiant. All rights reserved
  • First Published: November 21, 2022
  • Last updated: August 21, 2023
In This Article
Related Articles
  • None
Copyright © 2020 – 2021 Your Company, LLC. All rights reserved.