C:\Program Files (x86)\CentraStage\Gui.exe flagged as suspicious by Bitdefender Gravity Zone

Thariq

Hi everyone,

I am having trouble with Bitdefender Gravity Zone. I am using the Bitdefender Gravity Zone Business Security solution, and I am getting a severity score of around 60 that the file C:\Program Files (x86)\CentraStage\Gui.exe is suspicious or Malware

Dectect by the (Endpoint Detection and response)

I am not sure why this file is being flagged as suspicious. I have verified that the file is legitimate, and it is part of the CentraStage software (Datto RMM) that I am using to manage my IT infrastructure.

It detects as below in The events for the following title

RegSigModifyInternetZonemap

\REGISTRY\USER\[SID Number]\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass

SuspiciousExtensionChange

Anomaly.System.SevereAlerts

An anomaly has been detected.

PsexecExecuted

The Windows System Internals tool PsExec has been executed.

SuspiciousProxySettingsManipulation

A suspicious process manipulated the registry for Proxy Settings

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap

I would appreciate any help that you can provide in resolving this issue. Please let me know if you have any questions.

Thank you,

Flexx

https://community.bitdefender.com/en/discussion/95957/c-program-files-x86-centrastage-gui-exe-flagged-as-suspicious-by-bitdefender-gravity-zone

Kindly contact the bitdefender business support by visiting https://www.bitdefender.com/support/contact-us.html?last_page=BusinessCategory  

Additionally, @Alex_Dr or @Andra_B can have a look into this for you.

Regards

Alex_Dr

Hello @Thariq,

I do apologize for the late reply.

Have you tried setting an exclusion for the exe file? If you have and the situation still continues, I strongly suggest contacting the Enterprise Support Team as they will need confirmation to exclude the file from our database.

Please keep me updated with further development.

Best regards,

Alex D.