
Malware Scanner

cPGuard's active background scanner continuously protects your websites by monitoring file activities, executing schedules, and running heuristics. Control scanner services, watchlist directories, exclusions, and automatic cleanup using these commands.


Scanner Service

Check Scanner Status

View current background service state:

cpgcli scanner --status

Enable Active Scanner

cpgcli scanner --enable

Disable Active Scanner

cpgcli scanner --disable

Restart Scanner Service

cpgcli scanner --restart

Scheduled Scans

Enable or configure timed background checks that run as incremental or deep scans.

Enable Daily Scans

Runs at midnight to re-check files modified in the last 24 hours:

cpgcli dailyscan --enable

Disable Daily Scans

cpgcli dailyscan --disable

Enable Weekly Scans

Runs at midnight on Sunday to re-check files modified within the last week:

cpgcli weeklyscan --enable

Disable Weekly Scans

cpgcli weeklyscan --disable

AI Scanning Heuristics

Toggle smart machine-learning checks for suspicious or unknown threats.

Enable AI Heuristic Scan

cpgcli ai-scan --enable

Disable AI Heuristic Scan

cpgcli ai-scan --disable

Watchlist Directories (watch)

Manage paths continuously monitored by the cPGuard filesystem sensor.

View all watched directories

Print every directory in the current watchlist:

cpgcli watch --all

List user-added directories

List only the custom directories that were added manually:

cpgcli watch --list

Add directory to watchlist

Include custom directories (always provide absolute paths):

cpgcli watch --add /home/user/public_html

Remove directory from watchlist

cpgcli watch --remove /home/user/public_html

Danger: Do Not Add System Paths

Adding system paths (such as /etc, /var, /usr) to the automatic filesystem watchlist is strongly discouraged. It can degrade server performance and create unnecessary stability risks.
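The absolute-path requirement and the system-path warning above can be enforced before the command runs. The wrapper below is an added example, not part of cPGuard: the function names, the deny-list entries beyond /etc, /var and /usr, and the choice to reject whole subtrees are assumptions, and it relies on GNU realpath.

```bash
#!/usr/bin/env bash
# Added example: pre-flight check for `cpgcli watch --add`. Not cPGuard code.

# System prefixes that must never be watched. /etc, /var and /usr are named on
# this page; the other entries are an assumption extending the same rule.
# Anything underneath a listed prefix is rejected as well (also an assumption).
DENY_PREFIXES="/etc /var /usr /bin /sbin /lib /lib64 /boot /proc /sys /dev /run"

# check_watch_path PATH
# Prints the normalized path and returns 0 when it is acceptable to watch;
# returns 1 with a reason on stderr otherwise.
check_watch_path() {
    local raw="$1" resolved prefix
    case "$raw" in
        /*) ;;
        *) echo "rejected: not an absolute path: $raw" >&2; return 1 ;;
    esac
    # realpath -m resolves symlinks and ../ segments even if the path is missing,
    # so a link or traversal that ends in a system directory is still caught.
    resolved=$(realpath -m -- "$raw") || return 1
    if [ "$resolved" = "/" ]; then
        echo "rejected: filesystem root" >&2; return 1
    fi
    for prefix in $DENY_PREFIXES; do
        case "$resolved" in
            "$prefix"|"$prefix"/*)
                echo "rejected: system path: $resolved" >&2; return 1 ;;
        esac
    done
    printf '%s\n' "$resolved"
}

# safe_watch_add PATH: validate first, then pass the normalized path to cpgcli.
safe_watch_add() {
    local path
    path=$(check_watch_path "$1") || return 1
    cpgcli watch --add "$path"
}
```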


Exclusion Whitelists (whitelist)

Define trusted accounts or known-clean file paths for the scanner to ignore during active scans.

List Whitelisted Users

cpgcli whitelist --user --list

Add Users to Whitelist

Multiple usernames can be separated by commas:

cpgcli whitelist --user --add user1,user2

Remove Users from Whitelist

cpgcli whitelist --user --remove user1

List Whitelisted Files

cpgcli whitelist --file --list

Add File to Whitelist

Provide absolute paths to safe PHP or script files:

cpgcli whitelist --file --add /home/user/public_html/safe.php

Remove File from Whitelist

cpgcli whitelist --file --remove /home/user/public_html/safe.php

Custom Scanner Blacklists (blacklist)

Force-flag specific scripts or paths as malicious during scans.

List Blacklisted Files

cpgcli blacklist --file --list

Add File to Blacklist

cpgcli blacklist --file --add /home/user/public_html/untrusted.php

Remove File from Blacklist

cpgcli blacklist --file --remove /home/user/public_html/untrusted.php

Default Threat Actions (file-action)

Set the immediate, automated response applied to each threat classification.

Set Action for Confirmed Viruses

Supported values: email, disable, quarantine.

cpgcli file-action --virus quarantine

Set Action for Suspicious Files

cpgcli file-action --suspicious email

Set Action for Malicious Binaries

cpgcli file-action --binary quarantine

Enable or disable automatic deletion of insecure symbolic links:

cpgcli file-action --symbolic-link enable
cpgcli file-action --symbolic-link disable

Automatic Malware Cleanup (cleanup)

Automatically clean injected backdoors out of core scripts without deleting the file entirely.

Enable Automated Cleanup

cpgcli cleanup --enable

Disable Automated Cleanup

cpgcli cleanup --disable

Scanner Log Actions (log-action)

Run bulk actions or administrative restorations against entries in the threat incident logs.

Restore Quarantined File

cpgcli log-action --restore --log-id 54845

Move Files to Quarantine

cpgcli log-action --quarantine --from '-24 hours' --to 'now'

Delete Marked Files

cpgcli log-action --delete --signature '{HEX}Something' --file 'index.php'

Disable Infected Scripts

cpgcli log-action --disable --from '01-08-2023' --to '03-08-2023'

Report Files (report)

Report misclassified files or missed malware strains to the OPSSHIELD laboratories.

Report False Positive

If a harmless file was flagged:

cpgcli report --false-positive /home/user/public_html/safe.php --desc 'Clean asset'

Report Undetected Malware

If a backdoor went undetected:

cpgcli report --virus /home/user/public_html/webshell.php --desc 'Missed variant'