Product Update 5.9.2.0 - November 22, 2022

This note is for customers who meet the following criteria:

  • Protected Theater is hosting images that use UEFI as the boot method

  • Protected Theater is on a version earlier than 4.9.0.0/5.9.0.0 that needs to be updated

Before starting the upgrade, we strongly recommend that you take a snapshot of the PT VM first. Also, take note that that versions prior to 4.10.0.0 are EoSL as per Security Validation Software Version Support, so we also recommend that you upgrade to the latest available Security Validation release.


When UEFI is used as the boot method, Protected Theater versions before 4.9.0.0/5.9.0.0 were continually accumulating snapshots. As of 4.9.0.0/5.9.0.0, only a single snapshot layer is being maintained, with all prior snapshots being folded into that single disk layer. Before upgrading, check the available disk space on the volume storing the PT’s images to determine if there’s enough free space to successfully perform the upgrade.


To complete a PT upgrade to 4.9.0.0/5.9.0.0, or higher, from a version prior to 4.9.0.0/5.9.0.0:    

  1. Take a snapshot of the PT VM.

  2. Check the number of snapshots & disk space required. To do this,

    1. Look in the /opt/apps/verodin/node/images directory & identify files that have a ten-digit number at the end of their filename. These are the snapshot layers that will get folded together into a single snapshot layer file on upgrade.

    2. Calculate the disk space required for the upgrade by adding up the file sizes of all the snapshot layers. Round up slightly to ensure a buffer of available disk space.

  3. Add disk space, if necessary.

    1. If the sum total of all snapshot layers (from 1a) is greater than or close to the amount of free disk space remaining on the PT volume holding the images, increase the volume's disk space.

    2. If the sum total of all snapshot layers (from 1a) is less than the amount of free disk space, continue to the upgrade step. 

  4. Perform the PT upgrade.

  5. Once the upgrade has completed, any disk space added to accomplish the upgrade can be reclaimed.

If you need any assistance with this process, please contact your TSC or CSM.

The Mandiant Advantage Security Validation (MA-SV) team is pleased to announce version 5.9.2.0 of the MA-SV platform.

General Enhancements

  • Added ability to assign a proxy to Webhooks
  • HTTP GET file transfer actions now have a configurable timeout
  • Email Theater Actions now report the SMTP ID of job sent emails
  • Added MSI Integration Operational Status health checks
  • Removed the Director operational status section
  • As of November 15, 2022, a new support portal is available

Bug Fixes

  • Fixed issue where endpoint events were not being collected appropriately
  • Fixed issue where repeating actions were not inheriting the parent runtime parameters
  • Fixed issue where the cleanup service would sometimes get locked in a stopped state
  • Fixed issue that could cause Splunk notable event to only be tied to one action in an evaluation instead of all the relevant actions
  • Fixed issue when restoring from a Director backup to prevent overwriting the known network configuration
  • Fixed issue impacting detections for DNS queries
  • Fixed issue with Host CLI commands disappearing
  • Fixed issue where the Director Settings page would sometimes become out of sync
  • Fixed issue in Report Builder to allow for 1-day or 2-day selections
  • Fixed issue where the security update for actors was not properly displayed in the UI
  • Additional minor bug fixes and improvements
© Copyright Mandiant. All rights reserved
  • First Published: November 21, 2022
  • Last updated: October 14, 2025
In This Article
Related Articles
  • None
Copyright © 2020 – 2021 Your Company, LLC. All rights reserved.