At Monarx, we prioritize both security and server stability. To ensure your websites are protected without sacrificing performance, we utilize a tiered scanning architecture. Understanding how these scans work will help you manage your server resources and security expectations.
There are three primary types of scans performed by the Monarx Agent:
1. The Initial Scan
The Initial Scan occurs immediately after the Monarx Agent is successfully installed on your server. This is a comprehensive "deep dive" where our engine catalogues and analyzes every file within the scoped directories to establish a security baseline.
Duration: This can take anywhere from a few hours to a day, depending entirely on the volume of files on the server and the available resources.
βPerformance Optimization: We strive to maintain a minimal CPU footprint. Our agent uses adaptive methods to monitor server load; if it detects high resource usage from your legitimate web traffic, it will automatically throttle the scanning rate to ensure your users aren't impacted.
2. Delta Scans (Periodic)
Once the Initial Scan is complete, Monarx moves into Delta Scanning mode. These are incremental scans designed to find new or modified files that have appeared since the last check.
Frequency: A Delta Scan is triggered two hours after the previous scan has finished.
βEfficiency: Because these scans only focus on changes (the "deltas"), they are significantly faster than the initial baseline scan and keep your protection up to date throughout the day.
3. On-Demand Scans
On-Demand Scans are user-initiated and provide you with the flexibility to check specific areas of your server at any time. This is particularly useful after migrating a new site or if you suspect a specific directory has been compromised.
Targeted Coverage: You can trigger these via the dashboard or CLI for a specific path or an entire user home directory.
βDuration: Depending on the size of the targeted path, an on-demand scan can take anywhere from less than a minute (for a single folder) to a few hours (for a full server sweep).
Summary of Scanning Cycles
Scan Type | When it Runs | Purpose |
Initial | At Installation | Catalogues all files to create a security baseline. |
Delta | Every 2 hours (after last finish) | Checks for new, modified, or moved files. |
On-Demand | When triggered by you | Immediate verification of a specific path or user. |
Pro-Tip: Real-Time Protection
Remember that while these scans look at files "at rest" on your disk, Monarx ThreatShield (RASP) is always running in the background. ThreatShield provides real-time protection by intercepting malicious PHP execution the moment it happens, regardless of when the last scheduled scan took place.