C:\Program Files (x86)\CentraStage\Gui.exe flagged as suspicious by Bitdefender Gravity Zone

Thariq
Thariq Mr
edited May 2023 in Enterprise Security


Hi everyone,

I am having trouble with Bitdefender Gravity Zone. I am using the Bitdefender Gravity Zone Business Security solution, and I am getting a severity score of around 60 saying that the file C:\Program Files (x86)\CentraStage\Gui.exe is suspicious or malware.

Detected by the EDR (Endpoint Detection and Response).

I am not sure why this file is being flagged as suspicious. I have verified that the file is legitimate, and it is part of the CentraStage software (Datto RMM) that I am using to manage my IT infrastructure.

It is detected as below in the events, under the following titles:

RegSigModifyInternetZonemap

\REGISTRY\USER\[SID Number]\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass

SuspiciousExtensionChange

Anomaly.System.SevereAlerts

An anomaly has been detected.

PsexecExecuted

The Windows System Internals tool PsExec has been executed.

SuspiciousProxySettingsManipulation

A suspicious process manipulated the registry for Proxy Settings

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap

I would appreciate any help that you can provide in resolving this issue. Please let me know if you have any questions.

Thank you,
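
The two things this post turns on are whether Gui.exe carries a valid signature and what is currently set under the ZoneMap key named in the alerts. The following PowerShell collects that evidence; it is an added example, not part of the original post and not Bitdefender or Datto tooling. The function names are hypothetical, and it assumes it is run in the affected user's session so that HKCU maps to the flagged hive.

```powershell
# Added triage example (not from the original post).
# Path and registry key are taken from the alert text above.
$exe = 'C:\Program Files (x86)\CentraStage\Gui.exe'

function Get-FlaggedBinaryEvidence {
    param([Parameter(Mandatory)][string]$Path)

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "File not found: $Path"
    }
    $sig  = Get-AuthenticodeSignature -LiteralPath $Path
    $hash = Get-FileHash -LiteralPath $Path -Algorithm SHA256
    $cert = $sig.SignerCertificate

    [pscustomobject]@{
        Path            = $Path
        # 'Valid' means the signature verifies and chains to a trusted root;
        # 'NotSigned' or 'HashMismatch' means the file should not be trusted as-is.
        SignatureStatus = $sig.Status
        Signer          = if ($cert) { $cert.Subject } else { $null }
        Thumbprint      = if ($cert) { $cert.Thumbprint } else { $null }
        SHA256          = $hash.Hash
    }
}

function Get-ZoneMapSettings {
    # Key named in the SuspiciousProxySettingsManipulation event.
    $key = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap'
    if (-not (Test-Path -LiteralPath $key)) { return @() }

    $item = Get-Item -LiteralPath $key
    foreach ($name in $item.GetValueNames()) {
        [pscustomobject]@{
            Name  = $name                      # e.g. ProxyBypass, as in the alert
            Kind  = $item.GetValueKind($name)
            Value = $item.GetValue($name)
        }
    }
}

Get-FlaggedBinaryEvidence -Path $exe | Format-List
Get-ZoneMapSettings | Format-Table -AutoSize
```

Recording the signer, thumbprint and hash alongside any exclusion request lets the exclusion be scoped to this specific binary rather than to the whole folder.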

Comments