Product Update 4.9.1.1 - October 31, 2022

MSV 4.10.2.2 contains defect resolutions and a critical security fix. We recommend you apply that update as soon as reasonably possible. If you're unable to upgrade at this time, use the instructions in Manage User Admin Account to either set a password for the account or disable the account if it's not being used.

This note is for customers who meet the following criteria:

  • Protected Theater is hosting images that use UEFI as the boot method

  • Protected Theater is on a version earlier than 4.9.0.0/5.9.0.0 that needs to be updated

Before starting the upgrade, we strongly recommend that you take a snapshot of the PT VM first. Also, take note that that versions prior to 4.10.0.0 are EoSL as per Security Validation Software Version Support, so we also recommend that you upgrade to the latest available Security Validation release.


When UEFI is used as the boot method, Protected Theater versions before 4.9.0.0/5.9.0.0 were continually accumulating snapshots. As of 4.9.0.0/5.9.0.0, only a single snapshot layer is being maintained, with all prior snapshots being folded into that single disk layer. Before upgrading, check the available disk space on the volume storing the PT’s images to determine if there’s enough free space to successfully perform the upgrade.


To complete a PT upgrade to 4.9.0.0/5.9.0.0, or higher, from a version prior to 4.9.0.0/5.9.0.0:    

  1. Take a snapshot of the PT VM.

  2. Check the number of snapshots & disk space required. To do this,

    1. Look in the /opt/apps/verodin/node/images directory & identify files that have a ten-digit number at the end of their filename. These are the snapshot layers that will get folded together into a single snapshot layer file on upgrade.

    2. Calculate the disk space required for the upgrade by adding up the file sizes of all the snapshot layers. Round up slightly to ensure a buffer of available disk space.

  3. Add disk space, if necessary.

    1. If the sum total of all snapshot layers (from 1a) is greater than or close to the amount of free disk space remaining on the PT volume holding the images, increase the volume's disk space.

    2. If the sum total of all snapshot layers (from 1a) is less than the amount of free disk space, continue to the upgrade step. 

  4. Perform the PT upgrade.

  5. Once the upgrade has completed, any disk space added to accomplish the upgrade can be reclaimed.

If you need any assistance with this process, please contact your TSC or CSM.

The Mandiant Security Validation (MSV) team is pleased to announce version 4.9.1.1 of the MSV platform. 

General Enhancements

  • Customers can now integrate an MSV Director with Azure Sentinel in Gov Cloud.

Bug Fixes

  • Fixed an issue where customers were not able to modify the Azure Sentinel query form field in the UI.
  • Fixed an issue where, in certain cases, when a new SSL certificate is applied to the Director using the UI, there was a mismatch.

Appliance OS Security Update

There are no security updates required for the 4.9.1.1 release. 

Mandiant uses Red Hat’s security ratings to determine the criticality of vulnerabilities identified and resolved. This rating system is a combination of a four- point scale and the Common Vulnerability Scoring System (CVSS) base scores. No critical vulnerabilities were found in the scan of the 4.9.1.1 that needed remediation.

To download documentation and software (appliance images, installers, and update packages), visit the Validation Section of the Docs Portal.
© Copyright Mandiant. All rights reserved
  • First Published: October 27, 2022
  • Last updated: April 26, 2023
In This Article
Related Articles
  • None
Copyright © 2020 – 2021 Your Company, LLC. All rights reserved.