- What is the difference between ImunifyAV, ImunifyAV+ and Imunify360?
ImunifyAV provides only malware scanning. ImunifyAV+ provides malware scanning, cleanup and Reputation Management. Imunify360 provides complete web server protection that includes all ImunifyAV+ features as well as firewall, WAF, Proactive Defense, Hardened PHP, KernelCare and Backup integration.
- I have ImunifyAV found some malware in users directories. What should I do to clean them?
If you have ImunifyAV, then you need to upgrade to ImunifyAV+. If you already have ImunifyAV+ or Imunify360, just click Cleanup All button in Users or Files tab.
- My website/server got infected. What should I do to clean up and protect it?
ImunifyAV can only inform you about infected files. ImunifyAV+ can also perform malware cleanup. However, if you need protection from new infections in addition to malware cleanup, you have to use Imunify360. If you are not a system owner/admin, ask your hosting provider for available options.
- I’d like to cleanup some of my files that I believe are infected. What should I do?
Install either ImunifyAV+ or Imunify360 and perform cleanup from the Files tab.
- Will the Restore link in the Users tab restore a clean copy of a file from backup?
No, it will restore the version that existed prior to malware cleanup.
- Can I view the latest scan/cleanup report for users that have scanning/cleanup queued?
Yes, this is available in the Users tab.
- Can an end-user start a malware scan?
Yes, if a user is allowed by an administrator to scan his files, he can see the Start scanning button in the Files tab.
- How can I remove cleaned up entries from the Files tab?
They are automatically removed as soon as backups of cleaned files are purged. Backup file retention period can be set up in the Settings tab. Default retention time is 14 days.
- Are old entries removed from the History tab?
No, you can filter/sort the History tab by date, event and cause.
- Are files automatically removed from the Ignore list when their checksums get changed?
No, a file will stay in the Ignore list as long as its filename is the same.
- Is it possible to upgrade ImunifyAV(+) to Imunify360 without uninstalling?
Unfortunately, this is not possible. You need to remove ImunifyAV(+) and then install Imunify360 as described in https://docs.imunifyav.com/imunifyav/#how-to-uninstall-imunifyav and https://docs.imunify360.com/installation/
- How to monitor file changes, like for example in the /etc/passwd, via OSSEC?
It is possible to monitor file changes in the /etc/passwd by creating your own OSSEC rules based on the ones you can find in the /var/ossec/etc/ossec.conf. Such rules should be placed in the /var/ossec/etc/rules_local.d/.
You can create your own config based on the 999_local_rules.xml.template file located there and enable the following options for your custom rule: