{"id":15806,"date":"2020-03-24T15:18:55","date_gmt":"2020-03-24T14:18:55","guid":{"rendered":"https:\/\/www.oderland.se\/support\/artikel\/hur-fungerar-imunify360\/"},"modified":"2023-05-15T11:32:11","modified_gmt":"2023-05-15T10:32:11","slug":"how-does-imunify360-work","status":"publish","type":"ht_kb","link":"https:\/\/www.oderland.se\/support\/en\/artikel\/how-does-imunify360-work\/","title":{"rendered":"How does Imunify360 work?"},"content":{"rendered":"\n<p>Imunify360 is the name of the software we use to protect our clients from attacks and malicious code. It&#8217;s included in all <a href=\"https:\/\/www.oderland.com\/web-hosting\/\" target=\"_blank\" rel=\"noreferrer noopener\">web hosting accounts<\/a>, our <a href=\"https:\/\/www.oderland.com\/solutions\/agency\/\" target=\"_blank\" rel=\"noreferrer noopener\">Agency<\/a> services and on all newer <a href=\"https:\/\/www.oderland.com\/servers\/\" target=\"_blank\" rel=\"noreferrer noopener\">Managed Servers<\/a>. If you have a Managed Server today and lack Imunify360, please <a href=\"https:\/\/www.oderland.se\/support\/en\/contact-us\/\" target=\"_blank\" rel=\"noreferrer noopener\">contact us<\/a> if you want to have it installed.<\/p>\n\n\n\n<p>In this article we&#8217;ll go through the various parts and features of Imunify360, so you&#8217;ll know what&#8217;s going on and how to adjust it to work as you wish.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Accessing Imunify360<\/h2>\n\n\n\n<p>To access Imunify360, begin by <a rel=\"noreferrer noopener\" href=\"https:\/\/www.oderland.se\/support\/en\/artikel\/how-do-i-login-to-cpanel\/\" data-type=\"ht_kb\" data-id=\"4236\" target=\"_blank\">logging on to cPanel<\/a>. 
Then find the <code>Imunify360<\/code> icon under <code>Security<\/code>.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><a href=\"https:\/\/www.oderland.se\/support\/wp-content\/uploads\/2020\/03\/cpanel_icon_imunify360-1.png\"><img loading=\"lazy\" decoding=\"async\" width=\"720\" height=\"312\" src=\"https:\/\/www.oderland.se\/support\/wp-content\/uploads\/2020\/03\/cpanel_icon_imunify360-1.png\" alt=\"\" class=\"wp-image-18664\" srcset=\"https:\/\/www.oderland.se\/support\/wp-content\/uploads\/2020\/03\/cpanel_icon_imunify360-1.png 720w, https:\/\/www.oderland.se\/support\/wp-content\/uploads\/2020\/03\/cpanel_icon_imunify360-1-300x130.png 300w, https:\/\/www.oderland.se\/support\/wp-content\/uploads\/2020\/03\/cpanel_icon_imunify360-1-50x22.png 50w, https:\/\/www.oderland.se\/support\/wp-content\/uploads\/2020\/03\/cpanel_icon_imunify360-1-60x26.png 60w, https:\/\/www.oderland.se\/support\/wp-content\/uploads\/2020\/03\/cpanel_icon_imunify360-1-100x43.png 100w\" sizes=\"auto, (max-width: 720px) 100vw, 720px\" \/><\/a><\/figure>\n\n\n\n<p>You will now end up in the Imunify360 interface. At the top there is a menu, whose parts we&#8217;ll now go through:<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><a href=\"https:\/\/www.oderland.se\/support\/wp-content\/uploads\/2020\/03\/imunify_menu-1.png\"><img loading=\"lazy\" decoding=\"async\" width=\"1446\" height=\"142\" src=\"https:\/\/www.oderland.se\/support\/wp-content\/uploads\/2020\/03\/imunify_menu-1.png\" alt=\"\" class=\"wp-image-10254\"\/><\/a><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">Files<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Scan for malicious files<\/h3>\n\n\n\n<p>Here you&#8217;ll see a list of all files Imunify360 has identified as harmful. The list can include both malicious files and legitimate files injected with malicious code.<\/p>\n\n\n\n<p>Imunify360 will automatically scan through your web hosting account, looking for harmful files, once per week. 
If it finds something, it&#8217;ll end up in the list on this page. By default, it&#8217;ll also try to remove the malicious code. If you don&#8217;t want Imunify360 to delete code automatically, you can change this in the <a href=\"#settings\">settings<\/a>.<\/p>\n\n\n\n<p>You may also start a manual scan by clicking the button <code>Start scanning<\/code> at the top right.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"346\" height=\"324\" src=\"https:\/\/www.oderland.se\/support\/wp-content\/uploads\/2020\/06\/cpanel_imunify360_start_scan.png\" alt=\"\" class=\"wp-image-11088\"\/><\/figure>\n\n\n\n<p>You will now be asked to confirm that you want Imunify360 to scan your account. Click <code>Yes, start scan<\/code> to begin.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"512\" height=\"261\" src=\"https:\/\/www.oderland.se\/support\/wp-content\/uploads\/2020\/06\/cpanel_imunify360_start_user_scan.png\" alt=\"\" class=\"wp-image-11090\"\/><\/figure>\n\n\n\n<p>A green confirmation popup will be shown, telling you that your scan has been added to the queue and will start as soon as possible.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"480\" height=\"162\" src=\"https:\/\/www.oderland.se\/support\/wp-content\/uploads\/2020\/06\/cpanel_imunify360_scan_added_to_queue.png\" alt=\"\" class=\"wp-image-11093\"\/><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\">Results after a scan for malicious files<\/h3>\n\n\n\n<p>The results of an automatic or a manual scan will be shown in the table further down the page.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><a href=\"https:\/\/www.oderland.se\/support\/wp-content\/uploads\/2020\/03\/imunify-files.png\"><img loading=\"lazy\" decoding=\"async\" width=\"1786\" height=\"627\" 
src=\"https:\/\/www.oderland.se\/support\/wp-content\/uploads\/2020\/03\/imunify-files.png\" alt=\"\" class=\"wp-image-10230\"\/><\/a><\/figure>\n\n\n\n<p>The columns mean the following:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Scan date:<\/strong> The date when the file was found.<\/li>\n\n\n\n<li><strong>File:<\/strong> The path to the infected file.<\/li>\n\n\n\n<li><strong>Reason:<\/strong> Why the file has been flagged as malicious. This field may be hard to interpret, but if you want to learn more about it, please refer to <a rel=\"noreferrer noopener\" href=\"https:\/\/docs.imunify360.com\/faq_and_known_issues\/#_17-malware-file-reasons\" target=\"_blank\">this page<\/a>. Long story short, <code>INJ<\/code> means that the file has been injected with harmful code and <code>SA<\/code> means that the file itself is malicious.<\/li>\n\n\n\n<li><strong>Status:<\/strong>\n<ul class=\"wp-block-list\">\n<li><strong>Infected:<\/strong> The file is currently infected.<\/li>\n\n\n\n<li><strong>Cleaned:<\/strong> Imunify360 has automatically removed malicious code from the file.<\/li>\n\n\n\n<li><strong>Quarantined:<\/strong> The file has been moved into quarantine.<\/li>\n\n\n\n<li><strong>Content removed:<\/strong> The file&#8217;s content was believed to be harmful and has been removed.<\/li>\n\n\n\n<li><strong>Cleanup in progress:<\/strong> The harmful content of the file is currently being deleted.<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li><strong>Actions:<\/strong>\n<ul class=\"wp-block-list\">\n<li><strong>Add to Ignore List:<\/strong> Ignore this file. This means that the file will be removed from the list and will be excluded from future Imunify360 scans.<\/li>\n\n\n\n<li><strong>Delete permanently:<\/strong> Remove the file permanently.<\/li>\n\n\n\n<li><strong>View file:<\/strong> Show the file&#8217;s content. 
If it&#8217;s a large file, only the first 100Kb will be shown.<\/li>\n\n\n\n<li><strong>Move to quarantine:<\/strong> Move the file into quarantine.<\/li>\n\n\n\n<li><strong>Cleanup file:<\/strong> Remove harmful code from the file.<\/li>\n\n\n\n<li><strong>Restore from quarantine:<\/strong> Restore a file that has previously been moved to quarantine.<\/li>\n\n\n\n<li><strong>Restore original file:<\/strong> Restore the file as it was before the malicious code was removed. Only doable within 14 days after the original file was removed. If more time has passed, you need to <a rel=\"noreferrer noopener\" href=\"https:\/\/www.oderland.se\/support\/en\/artikel\/how-do-i-restore-backups-via-acronis-backup\/\" target=\"_blank\">restore the file from backup<\/a> manually.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">History<\/h2>\n\n\n\n<p>Under History, all actions Imunify360 has taken in the past will be shown. For example, if a malicious file is deleted, it&#8217;ll be shown as <code>Cleaned<\/code> under <code>Event<\/code>.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><a href=\"https:\/\/www.oderland.se\/support\/wp-content\/uploads\/2020\/03\/imunify-search-by-event.png\"><img loading=\"lazy\" decoding=\"async\" width=\"187\" height=\"120\" src=\"https:\/\/www.oderland.se\/support\/wp-content\/uploads\/2020\/03\/imunify-search-by-event.png\" alt=\"\" class=\"wp-image-10218\"\/><\/a><\/figure>\n\n\n\n<p>If you click on the path to a file, you&#8217;ll see all events for that specific file. 
You may also click an event to see all events of that kind.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Ignore list<\/h2>\n\n\n\n<p>If you chose to ignore a file, as we described <a href=\"#files\">above<\/a>, the file will show up in the table here.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><a href=\"https:\/\/www.oderland.se\/support\/wp-content\/uploads\/2020\/03\/imunify-ignore-list.png\"><img loading=\"lazy\" decoding=\"async\" width=\"1796\" height=\"153\" src=\"https:\/\/www.oderland.se\/support\/wp-content\/uploads\/2020\/03\/imunify-ignore-list.png\" alt=\"\" class=\"wp-image-10220\"\/><\/a><\/figure>\n\n\n\n<p>You may also manually add files that should be ignored by clicking <code>Add new file or directory<\/code>. You need to enter the full path to the file or folder. This is useful if your website distributes legitimate files that for some reason are recognised as harmful. One such example is if the files contain encrypted source code.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><a href=\"https:\/\/www.oderland.se\/support\/wp-content\/uploads\/2020\/03\/imunify-ignore-add-new.png\"><img loading=\"lazy\" decoding=\"async\" width=\"1804\" height=\"244\" src=\"https:\/\/www.oderland.se\/support\/wp-content\/uploads\/2020\/03\/imunify-ignore-add-new.png\" alt=\"\" class=\"wp-image-10222\"\/><\/a><\/figure>\n\n\n\n<p>If you want to remove a file from the ignore list, just click the trashcan icon to the right of the file.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><a href=\"https:\/\/www.oderland.se\/support\/wp-content\/uploads\/2020\/03\/imunify-ignore-remove.png\"><img loading=\"lazy\" decoding=\"async\" width=\"1804\" height=\"244\" src=\"https:\/\/www.oderland.se\/support\/wp-content\/uploads\/2020\/03\/imunify-ignore-remove.png\" alt=\"\" class=\"wp-image-10224\"\/><\/a><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">Proactive Defense<\/h2>\n\n\n\n<p>Proactive Defense is a feature that focuses on what 
happens on your account, instead of focusing on file content. Currently, Imunify360 only checks what PHP scripts running on your account are trying to do. If Imunify360 recognises that a PHP script is doing something it shouldn&#8217;t, it will by default kill its process.<\/p>\n\n\n\n<p>You can tell Imunify360 how to react upon discovering suspicious scripts under <code>Mode settings<\/code>.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Disabled:<\/strong> Proactive Defense is disabled and will do nothing.<\/li>\n\n\n\n<li><strong>Log only:<\/strong> No processes will be killed; Proactive Defense will only log what it found under <code>Detected Events<\/code>.<\/li>\n\n\n\n<li><strong>Kill Mode:<\/strong> The process will be killed as soon as suspicious behaviour is detected.<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><a href=\"https:\/\/www.oderland.se\/support\/wp-content\/uploads\/2020\/03\/imunify-proactive-defense-mode.png\"><img loading=\"lazy\" decoding=\"async\" width=\"1262\" height=\"132\" src=\"https:\/\/www.oderland.se\/support\/wp-content\/uploads\/2020\/03\/imunify-proactive-defense-mode.png\" alt=\"\" class=\"wp-image-10227\"\/><\/a><\/figure>\n\n\n\n<p>Below Mode settings, you&#8217;ll find the Proactive Defense log:<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><a href=\"https:\/\/www.oderland.se\/support\/wp-content\/uploads\/2020\/04\/imunify360_pd_log_tiny.png\"><img loading=\"lazy\" decoding=\"async\" width=\"2676\" height=\"230\" src=\"https:\/\/www.oderland.se\/support\/wp-content\/uploads\/2020\/04\/imunify360_pd_log_tiny.png\" alt=\"\" class=\"wp-image-10573\"\/><\/a><\/figure>\n\n\n\n<p>Here, the following information will be shown:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Detection Date\/Time:<\/strong> When the activity was logged by Proactive Defense.<\/li>\n\n\n\n<li><strong>Description:<\/strong> A description of what has been logged. 
Will often mention <code>Blamer detection<\/code>.<\/li>\n\n\n\n<li><strong>Script Path:<\/strong> The path to the script that triggered Proactive Defense.<\/li>\n\n\n\n<li><strong>First script call from:<\/strong> From what IP address the script was called\/started.<\/li>\n\n\n\n<li><strong>Action:<\/strong> What Proactive Defense did. If <code>Kill Mode<\/code> is activated as described above, it&#8217;ll say <code>KILL<\/code> here. If the mode <code>Log only<\/code> is selected, you&#8217;ll see <code>LOGGED<\/code> here instead.<\/li>\n\n\n\n<li><strong>Actions:<\/strong> By clicking the eye icon, you&#8217;ll see more information about the logged activity:<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><a href=\"https:\/\/www.oderland.se\/support\/wp-content\/uploads\/2020\/04\/imunify360_blamer_detection_tiny.png\"><img loading=\"lazy\" decoding=\"async\" width=\"1847\" height=\"2873\" src=\"https:\/\/www.oderland.se\/support\/wp-content\/uploads\/2020\/04\/imunify360_blamer_detection_tiny.png\" alt=\"\" class=\"wp-image-10576\"\/><\/a><\/figure>\n\n\n\n<p>On top, you&#8217;ll see three buttons:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Ignore detected rule for this file:<\/strong> Tell Proactive Defense to ignore the rule that triggered an action for this file.<\/li>\n\n\n\n<li><strong>Ignore all rules for this file:<\/strong> Tell Proactive Defense to ignore all rules for this file.<\/li>\n\n\n\n<li><strong>View file content:<\/strong> Show the content of the file.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Settings<\/h2>\n\n\n\n<p>Click the gear icon to the very right of the menu for Imunify360 to access its settings.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Malware<\/strong>\n<ul class=\"wp-block-list\">\n<li><strong>Default action on detect:<\/strong> Instructs Imunify360 what to do upon detection of a harmful file.\n<ul class=\"wp-block-list\">\n<li><strong>Delete permanently:<\/strong> Remove the 
file permanently.<\/li>\n\n\n\n<li><strong>Quarantine file:<\/strong> Move the file into quarantine.<\/li>\n\n\n\n<li><strong>Just display in dashboard:<\/strong> Just display the file under <a href=\"#files\">Files<\/a>.<\/li>\n\n\n\n<li><strong>Cleanup:<\/strong> Automatically remove malicious code from the file.<\/li>\n\n\n\n<li><strong>Cleanup, Quarantine as fallback:<\/strong> The same as above, but move the file into quarantine if the malicious code cannot be removed for some reason.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li><strong>Proactive Defense<\/strong>\n<ul class=\"wp-block-list\">\n<li><strong>Enable blamer:<\/strong> Report suspicious behaviour observed by PHP scripts to CloudLinux so they can make Imunify360 even better.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Imunify360 is the name of the software we use to protect our clients from attacks and malicious code. It&#8217;s included in all web hosting accounts, our Agency services and on all newer Managed Servers. 
If you have a Managed Server today and lack Imunify360, please contact us if you want&#8230;<\/p>\n","protected":false},"author":12,"comment_status":"open","ping_status":"closed","template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"ht-kb-category":[212],"ht-kb-tag":[],"class_list":["post-15806","ht_kb","type-ht_kb","status-publish","format-standard","hentry","ht_kb_category-security"],"acf":[],"_links":{"self":[{"href":"https:\/\/www.oderland.se\/support\/en\/wp-json\/wp\/v2\/ht-kb\/15806","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.oderland.se\/support\/en\/wp-json\/wp\/v2\/ht-kb"}],"about":[{"href":"https:\/\/www.oderland.se\/support\/en\/wp-json\/wp\/v2\/types\/ht_kb"}],"author":[{"embeddable":true,"href":"https:\/\/www.oderland.se\/support\/en\/wp-json\/wp\/v2\/users\/12"}],"replies":[{"embeddable":true,"href":"https:\/\/www.oderland.se\/support\/en\/wp-json\/wp\/v2\/comments?post=15806"}],"version-history":[{"count":40,"href":"https:\/\/www.oderland.se\/support\/en\/wp-json\/wp\/v2\/ht-kb\/15806\/revisions"}],"predecessor-version":[{"id":18666,"href":"https:\/\/www.oderland.se\/support\/en\/wp-json\/wp\/v2\/ht-kb\/15806\/revisions\/18666"}],"wp:attachment":[{"href":"https:\/\/www.oderland.se\/support\/en\/wp-json\/wp\/v2\/media?parent=15806"}],"wp:term":[{"taxonomy":"ht_kb_category","embeddable":true,"href":"https:\/\/www.oderland.se\/support\/en\/wp-json\/wp\/v2\/ht-kb-category?post=15806"},{"taxonomy":"ht_kb_tag","embeddable":true,"href":"https:\/\/www.oderland.se\/support\/en\/wp-json\/wp\/v2\/ht-kb-tag?post=15806"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}