Why was NSudo.exe blocked?

Article ID: 292583

Products

Carbon Black Cloud Endpoint Standard (formerly Cb Defense)

Issue/Introduction

Why was NSudo.exe, with hash 19896a23d7b054625c2f6b1ee1551a0da68ad25cddbb24510a3b74578418e618, blocked?

Environment

  • Carbon Black Cloud Sensor
  • NSudo Application

Resolution

NSudo.exe was formerly bundled with the VMware OS Optimization Tool, but its use there has since been deprecated.

More recently, nsudo.exe has been abused by attackers as a privilege escalation tool (it launches an arbitrary program with elevated privileges, including as SYSTEM or TrustedInstaller), for example to disable Microsoft Defender or to make other unwanted system modifications, as described in the Threat Intelligence write-up below:

https://blogs.vmware.com/security/2022/11/batloader-the-evasive-downloader-malware.html

For this reason, the binary is now categorized as a potentially unwanted application (PUA). The sensor treats a PUA like suspected malware: it is blocked at launch or terminated on execution, depending on policy.

Additional Information

Although the tool is not a threat until it is weaponized as described in the write-up, we recommend removing it from your machines as a precaution.
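As an added example (not part of the original article and not Carbon Black or NSudo project code), the following PowerShell script, run from an elevated prompt, locates copies of NSudo.exe by the SHA-256 quoted above (so renamed copies are found too) and by file name, and can optionally remove them. The script name and the search roots are assumptions; adjust them for your image.

```powershell
# Find-NSudo.ps1
# Added example for this article, not Carbon Black or NSudo project code.
# Hunts for NSudo.exe by the SHA-256 quoted in the article (renamed copies
# are still found) and by file name, then optionally removes the hits.
# The search roots below are assumptions; adjust them for your environment.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [string[]] $SearchRoots = @(
        $env:ProgramFiles,
        ${env:ProgramFiles(x86)},
        $env:ProgramData,
        "$env:SystemDrive\Users",
        "$env:SystemRoot\Temp"
    ),
    [switch] $Remove
)

# Hash from the article. Get-FileHash returns upper-case hex; -eq is case-insensitive.
$NSudoSha256 = '19896a23d7b054625c2f6b1ee1551a0da68ad25cddbb24510a3b74578418e618'

$hits = foreach ($root in $SearchRoots) {
    if (-not $root -or -not (Test-Path -LiteralPath $root)) { continue }
    Get-ChildItem -LiteralPath $root -Recurse -File -Filter '*.exe' -ErrorAction SilentlyContinue |
        ForEach-Object {
            $hash = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue).Hash
            $hashMatch = ($hash -eq $NSudoSha256)
            $nameMatch = ($_.Name -like 'nsudo*.exe')
            if ($hashMatch -or $nameMatch) {
                [pscustomobject]@{
                    Path      = $_.FullName
                    SHA256    = $hash
                    HashMatch = $hashMatch   # exact match to the blocked binary
                    NameMatch = $nameMatch   # possibly another NSudo build; verify before acting
                }
            }
        }
}

if (-not $hits) {
    Write-Output 'No NSudo binaries found under the given roots.'
    return
}

$hits | Format-Table -AutoSize

if ($Remove) {
    foreach ($hit in $hits) {
        # -WhatIf and -Confirm are honoured through SupportsShouldProcess.
        if ($PSCmdlet.ShouldProcess($hit.Path, 'Remove NSudo binary')) {
            Remove-Item -LiteralPath $hit.Path -Force
        }
    }
}
```

Run `.\Find-NSudo.ps1` to report only, `.\Find-NSudo.ps1 -Remove -WhatIf` to preview deletions, and `.\Find-NSudo.ps1 -Remove` to delete. A hash match identifies exactly the binary the article describes; a name-only match may be a different NSudo build that the hash does not cover, which is why both checks are reported separately. A binary that is currently running will not be removable until the process is stopped.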