C:\Program Files (x86)\CentraStage\Gui.exe flagged as suspicious by Bitdefender Gravity Zone
Hi everyone,
I am having trouble with Bitdefender Gravity Zone. I am using the Bitdefender Gravity Zone Business Security solution, and I am getting a severity score of around 60 that the file C:\Program Files (x86)\CentraStage\Gui.exe is suspicious or malware.
Detected by the (Endpoint Detection and Response)
I am not sure why this file is being flagged as suspicious. I have verified that the file is legitimate, and it is part of the CentraStage software (Datto RMM) that I am using to manage my IT infrastructure.
It is detected as below in the events, under the following titles:
RegSigModifyInternetZonemap
\REGISTRY\USER\[SID Number]\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass
SuspiciousExtensionChange
Anomaly.System.SevereAlerts
An anomaly has been detected.
PsexecExecuted
The Windows System Internals tool PsExec has been executed.
SuspiciousProxySettingsManipulation
A suspicious process manipulated the registry for Proxy Settings
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
I would appreciate any help that you can provide in resolving this issue. Please let me know if you have any questions.
Thank you,
Comments
-
Kindly contact the Bitdefender business support by visiting https://www.bitdefender.com/support/contact-us.html?last_page=BusinessCategory
Additionally, @Alex_Dr or @Andra_B can have a look into this for you.
Regards
Life happens, Coffee helps!
Show your Attitude, when you reach that Altitude!
Bitdefender Ultimate Security Plus (user)
0 -
Hello @Thariq,
I do apologize for the late reply.
Have you tried setting an exclusion for the exe file? If you have and the situation still continues, I strongly suggest contacting the Enterprise Support Team as they will need confirmation to exclude the file from our database.
Please keep me updated with further development.
Best regards,
Alex D.
0 -
I found this same program on a client's computer today. He had never heard of it and did not recall a reason for it to be there. When I tried to figure out what it was, I read that the company closed down in 2014. That is 6 years before his laptop's manufacture date. Seems weird that it was installed last year. We are concerned because the reason the computer is here is that his email was hacked (?) and an important bit of info was hijacked. Serious matter. Feeling like it might not be a coincidence that an old remote access program is in the mix of this mess🚩. Excluding it might not be in people's best interests.
0 -
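A way to check the flagged binary on the endpoint before deciding on an exclusion, as an added example that is not part of any post in this thread and is not Bitdefender or Datto code. The path and registry key are the ones from the alert; the `*Datto*` signer pattern and the function names are assumptions to adjust to your own vendor records.

```powershell
# Added triage example; not from the thread. Run in the affected user's session,
# because the alert refers to that user's hive (\REGISTRY\USER\[SID]).
param(
    [string]$Path = 'C:\Program Files (x86)\CentraStage\Gui.exe',  # path from the alert
    [string]$ExpectedSigner = '*Datto*'                            # assumption: expected publisher
)

function Get-BinaryTriage {
    param([string]$Path, [string]$ExpectedSigner)

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "File not found: $Path"
    }
    $file = Get-Item -LiteralPath $Path
    $sig  = Get-AuthenticodeSignature -LiteralPath $Path
    $hash = Get-FileHash -LiteralPath $Path -Algorithm SHA256

    # An unsigned file has no signer certificate at all
    $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
    $thumb   = if ($sig.SignerCertificate) { $sig.SignerCertificate.Thumbprint } else { $null }

    [pscustomobject]@{
        Path             = $file.FullName
        SHA256           = $hash.Hash              # value to compare or submit for analysis
        CreatedUtc       = $file.CreationTimeUtc   # approximate install time
        LastWriteUtc     = $file.LastWriteTimeUtc
        SignatureStatus  = $sig.Status             # Valid, NotSigned, HashMismatch, ...
        SignerSubject    = $subject
        SignerThumbprint = $thumb
        # True only when the signature verifies AND the publisher is the expected one
        SignerMatches    = ($sig.Status -eq 'Valid') -and ($subject -like $ExpectedSigner)
    }
}

function Get-ZoneMapSettings {
    # Key named in the SuspiciousProxySettingsManipulation event
    $key = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap'
    Get-ItemProperty -Path $key -ErrorAction SilentlyContinue |
        Select-Object ProxyBypass, IntranetName, UNCAsIntranet, AutoDetect
}

Get-BinaryTriage -Path $Path -ExpectedSigner $ExpectedSigner | Format-List
Get-ZoneMapSettings | Format-List
```

A matching signature confirms only who published the file; whether the agent was installed by an authorized party on that machine still has to be answered separately.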
Hello.
Since you need help with a business product, @Andrei_S Enterprise (who provides support for business products) could take a look here and help you with the issue.
Also, you can always contact the Bitdefender business support:
Regards.
0 -
Hello @BeanyTech
We would need to involve Labs in this case to verify the file and confirm if this represents a threat or it's a false positive.
You can either reach out directly to them by submitting the file through this webform:
https://www.bitdefender.com/business/submit.html
or you can reach out to Enterprise Support and they will contact them internally.
Kind Regards,
1