MSV 4.14.5.0 Product Release - February 19, 2026

The Mandiant Security Validation (MSV) team is pleased to announce version 4.14.5.0 of the MSV platform.

Enhancements

• Separated Actor and Protected Theater updates into distinct packages and updated the Director to use these new packages.
• Added a deprecation notice for the Legacy Crowdstrike Integration and prevented new API calls.
• Replaced Redis 7.2 with Valkey 8 and added the Valkey RPM to security updates.
• Added the capability for Event Filter Rules to detect on match.
• Improved MSI Correlation Query options.
• Correlation configuration is only displayed for correlation-enabled Integrations.
• Added a warning message when users attempt to use a deprecated integration.
• Cloud Profiles are retained when rescheduling a previously cancelled scheduled Cloud Action.
• Addressed inaccuracies in MSV API documentation.
• Improved the responsiveness of the /manage_sims/v2/Actions/library_Actions_list endpoint.
• Removed PostgreSQL 13 software as of this release.
• Addressed the following vulnerabilities in Directors: CVE-2024-47889, CVE-2024-49761, CVE-2025-6442

Bug fixes

• Fixed an issue where the application backup taken during an upgrade did not correctly preserve the directory structure.
• Resolved an infinite retry loop leading to RecursionError in Actors.
• Resolved an infinite loop in Pull Actor Service when trying to acquire a lock.
• Fixed performance issues with the /audit_logs/table_data endpoint.
• Fixed an issue where Port Scan Action A100-365 failed when run as a Bulk Scheduled Job.
• Addressed failures of scheduled Jobs on Windows endpoint Actors.
• Resolved an issue causing HTTP DNS File Transfer Action errors.
• Fixed an issue where Job results were not visible.
• Fixed an issue where rescheduling a previously cancelled scheduled Cloud Action caused the new Job to fail instantly.
• Fixed an issue where Integration Event Filter Rules were not suppressing/dropping events.
• Resolved errors with Remote Legacy Splunk integration test queries after a 4.14.4.0 upgrade. 
• Fixed a 500 error response from integrations_api/process_translated_events.
• Addressed issues with the email query in the Anomali - MSV integration.
• Fixed missing default host for the integration event match to email Action.
• Resolved an issue preventing the use of the "" character in the MSI Integration test box.
• Fixed run_test_query using the raw query instead of the MSI used query.
• Fixed inability to open the page for Legacy Remote Integrations.
• Fixed the Action VID URL on the Action details page.
• Fixed navigation to Action Details from the Assessment screen.
• Resolved an issue where the Report Builder Data table widget was missing the Action Description value.
• Fixed the time selector display for 12 AM and 12 PM in Schedule Reports.
• Ensured scheduled reports do not fail silently if no data is available within the configured time range.
• Fixed searching by tag not finding expected Actions.
• Fixed PCAP name not updating to VID when VID is updated from the API.
• Resolved malformed pack generation from Export All.
• Fixed content import tag serialization parsing.
• Fixed the Google Authenticator QR code not being scannable.
• Resolved a 500 error when changing the authentication method to Google Authenticator.
• Added web interface controls to prevent non-root users from making NTP changes in the Director.
• Resolved an issue causing Protected Actor snapshots to end up in an error state.
• Fixed the "directory_exists" security technology discovery definition on Linux.
• Addressed a stack trace in the integration_event model.
• Fixed an issue where AEDA Monitor randomly stalls.
• Fixed an issue where AEDA reported the wrong simulation alert.
• Fixed Monitor creation throwing a 502 error with a large number of Actions.
• Addressed services not working after using vrestart on a Director.
• Fixed issues with PCAP imports and running over port 80.
• Resolved issue where Actor updates were not progressing.
• Fixed Protected Theater Actors failing to update.
• Addressed Pull service failure causing Actors to go offline.
• Fixed Protected Theater Actor/Actions not running using a local user.
• Fixed an issue where some messages incorrectly showed "Scheduled Action" instead of "Repeated Action" for repeating jobs.

Known issues

• Local Event Filtering works as expected but is limited to Match Action, Match Integration, and Match Events (when the latter involves Raw Events). If a rule has a Match Event condition for any field other than Raw Event, the rule does not apply to Local Events. It only applies to events from standard local integrations in MSV.
• Network configuration may reset unexpectedly. To resolve the issue, run vsetnet after the upgrade with static IP addresses for one or more interfaces.

Appliance OS security update

The latest platform security update can always be found on the Validation Section of the Docs Portal. This security update applies to all versions of the product and is cumulative.

Important installation notes

Minimum Director version 4.14.0.0 or higher is required to upgrade to version 4.14.5.0.

To download documentation and software (appliance images, installers, and update packages) visit the Validation Section of the Docs Portal. For full details on how to upgrade, see Updating Security Validation Components.

Failed upgrade from Director web interface

If your Director fails to upgrade to 4.14.5.0 after you attempt the upgrade from the web interface, check Troubleshoot failed upgrades to MSV 4.14.5.0 for additional self-help tips. That document contains which log file to check, for what specific content, and how to use the provided script to fix the issue.