
Basic Terminology

Getting started with some basic Monarx terminology

Written by Will
Updated today

Insights Only and Active Protection modes

When you first begin a Monarx trial license, the Agents will be in “Detect” mode. In this mode no remediation of malware files will occur, and no other automatic, proactive protection will be enabled. This allows you to review detections and get comfortable with the Monarx technology before we begin taking any action on your servers. You can see what we’ve found, understand the actions we would take, and verify that there are no false positives that would impact your customers’ sites.

Once you’re comfortable you can give the approval to turn on Active Protection, and the Monarx team will turn it on for you. This will remediate all existing malware, then protect your servers and customers from infections going forward. Active Protection does this automatically and in real time.

Once Active Protection is enabled, your team should spend less time on attacks that require manual review and cleanup, and you should see fewer customer support tickets on servers with Monarx installed.

Note that Active Protection can also be enabled in per-user mode on shared servers to support upselling to your customers. In this case, Monarx detects malware for all users on the server, but only provides automatic protection and remediation for users who have upgraded to the appropriate hosting package. For all other users, Insights Only mode provides you with the critical sales leads you need to convert your customers at a high rate. You can manage per-user Active Protection via the Monarx web app, or with simple API calls.

File Classification

Monarx classifies files into one of the following categories:

  • Malicious (standalone)
  • Compromised (injected)
  • Suspicious
  • PUA (potentially unwanted application)
  • Vulnerable

Malicious:
Malicious files consist entirely of harmful code, with no legitimate purpose or content tied to the website or application they inhabit. These files are designed solely to cause damage or unauthorized activity. With Active Protection activated, Monarx automatically quarantines these files—isolating them from execution—and often blocks their execution entirely using the Protect Zend extension.

Compromised:
Compromised files are legitimate elements of a website or application that have been tainted by malicious code. Originally designed for valid purposes, these files have been altered through malware injection. With Active Protection enabled, Monarx automatically restores their integrity by removing the malicious code while preserving the original, legitimate functionality.

Suspicious:
Suspicious files exhibit traits that raise concern but lack sufficient evidence to be definitively labeled as malicious or compromised. This uncertainty prevents safe automated remediation. Monarx continuously analyzes these files to refine its classification accuracy and periodically reclassifies them as new insights emerge. Unlike other products, Monarx rarely surfaces suspicious files to end users in an effort to eliminate as much noise as possible.

PUA (Potentially Unwanted Application):
PUA (Potentially Unwanted Application) files encompass legitimate or potentially legitimate software—such as file managers, database tools (e.g., Adminer), and .htaccess files—that threat actors frequently exploit to maintain persistence in compromised systems. Despite their valid uses, these files carry inherent risks. The Monarx Agent classifies them as PUA, leaving them intact for possible legitimate purposes while alerting users to the potential dangers, empowering informed decisions. Unlike "Malicious" files, Monarx does not automatically remediate PUA files.

Vulnerable:
Vulnerable files contain known security weaknesses that require—or previously required—a patch to mitigate exploitation risks. These files aren’t inherently malicious but could be targeted by attackers if left unaddressed.

You'll find explanations of most column headers and terms in the Monarx web app: just hover over the "i" icon next to each one.
