Skip to main content

How to Trigger a Manual Malware Scan

Written by Salvador Aguilar

This guide shows you how to trigger a manual scan on a server. There are two ways to do this: through the Monarx web app, or via the Monarx API.

Prerequisites

Method 1: Via the Monarx Web App

1. Navigate to the server's agent page

Go to Dashboard > Server Agents, then select the server you want to scan.

2. Open the Scans tab

In the right sidebar, click the Scans tab. This shows details of the last scan, including:

  • Number of users scanned

  • Scan type

  • Status

  • Files scanned

  • Start time and end time

  • Total scan duration

3. Start a manual scan

Below the last scan details, find the Manual Scans card. Enter the full path you want to scan, then click Scan. That's all that's needed to kick off the scan.

Method 2: Via the Monarx API

📚 Full API Documentation can be found https://api.monarx.com/docs/#/scan-request.

The scan-request endpoint lets you submit an on-demand scan programmatically — useful for scripting or integrating scans into your own tooling.

1. Authenticate

Every request needs both API key headers:

Header

Value

x-api-id

Your API Key ID

x-api-key

Your API Secret Key

See Provisioning API Keys if you need to generate a key pair. The key must have the scan_request:create scope to submit a scan, and scan_request:read to check its status.

2. Submit the scan request

POST https://api.monarx.com/v1/enterprise/{enterprise_id}/agent/{agent_id}/scan-request

Path parameters:

  • enterprise_id — your Enterprise ID

  • agent_id — the Agent ID of the server you want to scan

Request body:

{   "directory": "/path/to/directory/" }

Example (curl):

curl -X POST "https://api.monarx.com/v1/enterprise/YOUR_ENTERPRISE_ID/agent/YOUR_AGENT_ID/scan-request" \   -H "x-api-id: YOUR_API_KEY_ID" \   -H "x-api-key: YOUR_API_SECRET_KEY" \   -H "Content-Type: application/json" \   -d '{"directory": "/home/example/public_html/"}'

A successful request returns 202 Accepted with the new scan request record:

{
"id": "string",
"audit_created": "2026-07-14T18:44:21.078Z",
"audit_modified": "2026-07-14T18:44:21.078Z",
"enterprise_id": "string",
"host_id": "server1.hoster.com",
"directory": "/path/to/directory/",
"status": "requested",
"_links": {
"self": {
"href": "https://api.monarx.com/v1/enterprise/{enterprise_id}/agent/{agent_id}/scan-request/{id}"
}
}
}

Save the id from the response — you'll need it to check on the scan's progress.

3. Check scan status

GET https://api.monarx.com/v1/enterprise/{enterprise_id}/agent/{agent_id}/scan-request/{id}

Example (curl):

curl -X GET "https://api.monarx.com/v1/enterprise/YOUR_ENTERPRISE_ID/agent/YOUR_AGENT_ID/scan-request/SCAN_REQUEST_ID" \   -H "x-api-id: YOUR_API_KEY_ID" \   -H "x-api-key: YOUR_API_SECRET_KEY"

Returns 200 OK with the current record, including scan results once complete:

{   "id": "string",   "audit_created": "2026-07-14T18:44:21.084Z",   "audit_modified": "2026-07-14T18:44:21.084Z",   "enterprise_id": "string",   "host_id": "server1.hoster.com",   "directory": "/path/to/directory/",   "status": "requested",   "error": null,   "scan_result": {     "start": "2026-07-14T18:44:21.084Z",     "end": "2026-07-14T18:44:21.084Z",     "duration": 0,     "files": 0   },   "_links": {     "self": {       "href": "https://api.monarx.com/v1/enterprise/{enterprise_id}/agent/{agent_id}/scan-request/{id}"     }   } }

Poll this endpoint until status moves past requested and scan_result is populated with start, end, duration, and files scanned.

Common API errors

Code

Meaning

401 Unauthorized

Missing or invalid x-api-id/x-api-key headers

403 Forbidden

The API key is valid but lacks the required scan_request:create or scan_request:read scope

Reviewing Scan Results

If the scan finds anything, results surface in Dashboard > Files. Filter by path, agent_id, or both to narrow down to the server/path you just scanned.

If a suspected malware file doesn't appear in the results

If you expected a specific file to be flagged as malware but it isn't listed under Dashboard > Files, please submit a false negative or upload a sample so our team can review it.

Still Having Issues?

Contact Monarx support via live chat if you're unable to trigger a scan or have questions about the results.

Did this answer your question?