This article covers the Per-User Active Protection section of the Monarx Web App, which lets you enable Monarx Active Protection on a granular, per-user and per-path basis.
What Is Active Protection?
Active Protection Mode turns the Monarx agent from a passive detector into a proactive one: when enabled, it automatically remediates malware in real time — deleting or quarantining purely malicious files, and surgically removing injected code from otherwise legitimate (compromised) files, without taking the site down.
Active Protection isn't only a server-wide switch. It can also be scoped to specific users/accounts on a shared server, which gives hosting partners a clear upsell opportunity: you can target specific customers and bundle Active Protection alongside other premium services like ThreatShield, and WordPress Site Cleanups, rather than requiring an all-or-nothing rollout across an entire server.
The Per-User Active Protection Page
This page lists every user/path currently provisioned for per-user Active Protection, with the following columns:
Host ID: The unique identifier for the server the user account lives on.
User: The account name the configuration applies to. Note that this name is descriptive only — the actual protection setting is tied to the path (home directory) below, not the username itself.
Path: The home directory that Active Protection applies to. All eligible files under this path are covered.
Active Protection: The current status — Enabled or Disabled.
Discovered: The date/time this user/path was provisioned.
Enterprise ID: The unique ID for the account this configuration belongs to.
How can you provision a New User/Path in Per User Active Protection?
Option 1: Via the Web App
Click the green + New button in the top right of the page to manually provision Active Protection for a new user/path. You will need to provide the linux username, hostname (as registered in Monarx Agents) and the full path to the user directory that you'd like to make eligible for Auto Protect.
Option 2: Via the API
💡 Full Monarx API Documentation can be found here.
Hosting partners can also provision (or update) per-user Active Protection programmatically using the auto-protect endpoint:
POST https://api.monarx.com/v1/enterprise/{enterprise_id}/agent/{id}/auto-protect/user/{user}Path parameters:
enterprise_id— your Enterprise IDid— the Agent ID of the server the user lives onuser— a descriptive user name, unique per agent (this label doesn't need to match a real system account — settings are tied tohome_dir)
Request body:
{ "enabled": true, "home_dir": "/home/user123/" }Example (curl):
curl -X POST "https://api.monarx.com/v1/enterprise/YOUR_ENTERPRISE_ID/agent/YOUR_AGENT_ID/auto-protect/user/user123" \ -H "x-api-id: YOUR_API_KEY_ID" \ -H "x-api-key: YOUR_API_SECRET_KEY" \ -H "Content-Type: application/json" \ -d '{"enabled": true, "home_dir": "/home/user123/"}'A successful request returns 202 Accepted. Requires the agent:update permission scope (Permissions > Developer > Agent Update).
A few important notes on behavior
Initial enablement applies remediation to all eligible files already discovered under that
home_dir, as well as any discovered afterward. It does NOT cover files outside of this directory such as parent folders or different locations.Changing the setting causes remediation to be re-evaluated (and possibly changed) for all files under that
home_dir.Disabling Active Protection for a user stops automatic remediation going forward, but does not restore files that were already cleaned, patched, or quarantined while it was enabled.
Per-user configuration only applies on shared servers where the agent is running in per-user mode for Automatic Protection.
Related Articles


