gsudo.dll in new version Version 2025.1.24.0 - Suspicion?


Hey,

After installing the new version, our EDR system showed a potential threat. It is %PROGRAMFILES%\devolutions\remote desktop manager\runtimes\win-x64\native\gsudo.exe

From my investigation by SHA-256 (21C470D6DEABFBD398349168E18ED1CF261D6C204D7BD12EEB53C846403A0D1A)

  1. https://www.virustotal.com/gui/file/21c470d6deabfbd398349168e18ed1cf261d6c204d7bd12eeb53c846403a0d1a/detection
  2. https://valhalla.nextron-systems.com/info/rule/SUSP_SCRIPT_PowerShell_Param_Abbrev_Jul21


Signature is ok by Gerardo Grignoli.



How do your systems respond to this?
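
The check described in the post above can be repeated locally, as an added example that is not part of the original thread or of Devolutions' code: it recomputes the file's SHA-256, compares it with the hash quoted in the post, and reads the Authenticode status and signer. The function name `Test-FlaggedBinary` is hypothetical, and matching the signer by substring on the certificate subject is an assumption about how the name appears in the certificate.

```powershell
# Added example (not from the thread). Test-FlaggedBinary is a hypothetical helper name.
function Test-FlaggedBinary {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $ExpectedSha256,
        [Parameter(Mandatory)] [string] $ExpectedSigner
    )

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "File not found: $Path"
    }

    # Hash the file on disk rather than trusting the value the EDR console reports.
    $hash = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    $sig  = Get-AuthenticodeSignature -LiteralPath $Path

    # SignerCertificate is $null for unsigned files, so guard before reading Subject.
    $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }

    [pscustomobject]@{
        Path           = $Path
        Sha256         = $hash
        HashMatches    = ($hash -eq $ExpectedSha256)   # string -eq is case-insensitive
        SignatureState = $sig.Status                   # anything other than 'Valid' needs a closer look
        SignerSubject  = $subject
        # Assumption: the signer name appears verbatim inside the certificate subject.
        SignerMatches  = ($sig.Status -eq 'Valid') -and ($subject -like "*$ExpectedSigner*")
        Timestamped    = [bool]$sig.TimeStamperCertificate
    }
}

# Path, hash and signer name are the ones quoted in the post.
$target = Join-Path $env:ProgramFiles 'devolutions\remote desktop manager\runtimes\win-x64\native\gsudo.exe'
Test-FlaggedBinary -Path $target `
    -ExpectedSha256 '21C470D6DEABFBD398349168E18ED1CF261D6C204D7BD12EEB53C846403A0D1A' `
    -ExpectedSigner 'Gerardo Grignoli' | Format-List
```

A `HashMatches` of `False` alongside a valid signature means the installed file is a different signed build from the one in the post, so compare against the hash for your installed RDM version before drawing conclusions.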


Recommended Answer

Hi Rafal,

This is expected, gsudo is packaged with RDM for our new gsudo feature. The file is completely safe but I can understand why an EDR would report this file as it deals with privilege elevation.

https://blog.devolutions.net/2025/03/whats-new-in-remote-desktop-manager-20251/#gsudo-for-elevated-process-launching-instead-of-shell-execute-runas

Regards,


Sébastien Duquette


Hi Sebastien,

Thank you for the clarification. I will keep an eye on the operation of this object just in case ;-)