Malware scanner in Imunify360


EXPERIENCING PROBLEMS WITH OUR SERVICES? RUN A DIAGNOSE FIRST TO SAVE YOURS AND OUR TIME

Added: 05.10.2018 13:14:07     Last updated: 19.06.2019 13:57:25

This guide shows how the malware scanner in Imunify360 works and which services are available through this in cPanel. The guide requires you to first log into cPanel.
Imunify360 is a security solution installed on the web hosting servers. It stops a lot of attacks and protects the server in various ways. More about the technology here.

Step 1:
Click the icon for "Imunify360" as shown below:

Imunify360 in cPanel


Step 2:
Below here you will find an overview of the different items.

  1. Suspicious files will appear in this area.
  2. This area shows how many files have been quarantined. The permissions for quarantined files will be set to 000, which means they will not be accessible.
  3. Files restored from quarantine will be displayed here.
  4. Suspicious files will apear in this table, sorted by the discovery date.
    From the left:
    - Date / Time
    - File path and name
    - How the file was discovered
    - The reason for the file being treated as suspicious (virus, PHP code etc.)
  5. In the "Actions" column there are 3 buttons that can be used to manage the file.
    From the left:
    - View the contents of the file (even though it is quarantined)
    - Put in quarantine or restore from quarantine
    If the file is quarantined it can be sent for analysis, whitelisted or recovered.
    - Whitelist or delete the file
Malware scanner and quarantine of malicious files


6. Ignore-List
A. If you wish to add files or folders to the whitelist, this is where it is done.
B. In this example the path /home//test is added to the whitelist. This means the folder "test" will not be included when Imunify is scanning for malware.

Ignore List


7. Settings

  1. With this option enabled, imunify will try to recover an uncorrupted file from a recent backup before falling back to the next option if it fails.
  2. If the scanner identifies a file as suspicious, this is where you choose which action will be performed. There are 3 choices to choose from:
    - Standard: Change the file permissions to 000.
    - Delete the file.
    - Just display the file in the dashboard and don't do any further automatic action.
  3. If the "Try to restore from backups" option is active, this is how far back the server will look for the files.
  4. If blamer is enabled, Imunify will try to trace the connections made by the malicious code and generate a report that will be automatically sent to CloudLinux.

 

Settings in Imunify360

 

Finished
We have now gone through how to whitelist files and folders in the scanner, as well as manage the files the scanner identifies as potentially malicious.