C:\Program Files (x86)\CentraStage\Gui.exe flagged as suspicious by Bitdefender Gravity Zone

Thariq

Hi everyone,

I am having trouble with Bitdefender Gravity Zone. I am using the Bitdefender Gravity Zone Business Security solution, and I am getting a severity score of around 60 that the file C:\Program Files (x86)\CentraStage\Gui.exe is suspicious or Malware

Dectect by the (Endpoint Detection and response)

I am not sure why this file is being flagged as suspicious. I have verified that the file is legitimate, and it is part of the CentraStage software (Datto RMM) that I am using to manage my IT infrastructure.

It detects as below in The events for the following title

RegSigModifyInternetZonemap

\REGISTRY\USER\[SID Number]\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass

SuspiciousExtensionChange

Anomaly.System.SevereAlerts

An anomaly has been detected.

PsexecExecuted

The Windows System Internals tool PsExec has been executed.

SuspiciousProxySettingsManipulation

A suspicious process manipulated the registry for Proxy Settings

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap

I would appreciate any help that you can provide in resolving this issue. Please let me know if you have any questions.

Thank you,

Flexx

https://community.bitdefender.com/en/discussion/95957/c-program-files-x86-centrastage-gui-exe-flagged-as-suspicious-by-bitdefender-gravity-zone

Kindly contact the bitdefender business support by visiting https://www.bitdefender.com/support/contact-us.html?last_page=BusinessCategory  

Additionally, @Alex_Dr or @Andra_B can have a look into this for you.

Regards

Alex_Dr

Hello @Thariq,

I do apologize for the late reply.

Have you tried setting an exclusion for the exe file? If you have and the situation still continues, I strongly suggest contacting the Enterprise Support Team as they will need confirmation to exclude the file from our database.

Please keep me updated with further development.

Best regards,

Alex D.

BeanyTech

I found this same program on a clients computer today. He had never heard of it and did not recall a reason for it to be there. When I tried to figure out what it was I read that the company closed down in 2014. That is 6 years before his laptop manufacture date. Seems weird that it was installed last year. We are concerned because reason computer is here is because his email was hacked (?) and an important bit of info was hijacked. Serious matter. Feeling like this might not be a coincidence than an old remote access program is in the mix of this mess🚩. Excluding it might not be in peoples best interests.

Gjoksi

@BeanyTech

Hello.

Since you need help with business product, @Andrei_S Enterprise (who provides support for business products) could take a look here and help you with the issue.

Also, you can always contact the Bitdefender business support:

https://www.bitdefender.com/business/support/en/71263-85158-contact.html

Regards.

Andrei_S Enterprise

Hello @BeanyTech

We would need to involve Labs in this case to verify the file and confirm if this represents a threat or it's a false positive.

You can either reach out directly to them by submitting the file through this webform:

https://www.bitdefender.com/business/submit.html

or you can reach our to Enterprise Support and they will contact them internally.

Kind Regards,