Skip to main content
Basic Terminology

Getting started with some basic Monarx terminology

Will avatar
Written by Will
Updated over a week ago

Insights Only and Active Protection modes

When first beginning a Monarx trial license Agent, the Agents will be in “Insights Only” (IO) mode. In this mode no remediation of malware files will occur, and no other automatic, proactive protection will be enabled. This allows you to review detections and get comfortable with the Monarx technology before we begin taking any action on your servers. You can see what we’ve found, understand the actions we would take, and verify that there are no false positives that would impact your customers’ sites.

Once you’re comfortable you can give the approval to turn on Active Protection, and the Monarx team will turn it on for you. This will remediate all existing malware, then protect your servers and customers from infections going forward. Active Protection does this automatically and in real-time.

Once Active Protection is enabled, you should see your team’s time be freed up from not having to deal with attacks that cause manual review/cleanup, as well as fewer customer support tickets on servers with Monarx installed.

Note that Active Protection can also be enabled in per-user mode on shared servers to support upselling to your customers. In this case, Monarx detects malware for all users on the server, but only provides automatic protection and remediation for users who have upgraded to the appropriate hosting package. For all other users, Insights Only mode provides you with the critical sales leads you need to convert your customers at a high rate. You can manage per-user Active Protection via the Monarx web app, or with simple API calls.

File Classification

Monarx classifies files into one of the following categories:

  • clean

  • malicious (standalone)

  • compromised (injected)

  • suspicious


Refers to a file that contains malicious code only - nothing that is an intended part of the website. When Active Protection is enabled, Monarx can be configured to either quarantine these files, or else to block their execution via the Protect Zend extension. Since these files are not necessary to the proper functioning of customer websites, either of these actions are safe to take.


Refers to a file that is an intended part of the website into which malicious code has been injected. When Active Protection is enabled, Monarx will clean these files by removing the injected malware.


Refers to files that cannot be classified as malicious or compromised with enough certainty to enable automatic remediation safely. Monarx reviews these files continuously to improve the product’s classification performance, and will automatically reclassify them on a regular basis – but they are also exposed to you in case you wish to do any analysis yourself in the interim.

You'll find explanations to most column headers and terms in the Monarx web app - just hover over the "i" icon next to each one

Did this answer your question?