Skip to content

malwatch

Usage

defended-net/malwatch

malwatch

defended-net/malwatch

Introduction
Introduction
- Why
Getting Started
Getting Started
- Quick Start
- Config Files
  Config Files
  - Layout
  - Secrets
  - Env Vars
- Commands
Usage
Usage
- Usage Usage
  Table of contents
- Signatures
  Signatures
  - Overview
  - Update
  - Refresh
- Actions
  Actions
  - Overview
  - Whitelist
  - Skip
  - Alert
  - Quarantine
  - Exile
  - Clean
cPanel
cPanel
- Usage
Developers
Developers
- Integrations
- Changelog
Support Project
Homepage

Usage

Realtime

cmd: `malwatch-monitor start`

Realtime file scanning is our recommended mode of operation. File changes are collected in a deduplicated list of paths which is eventually batched for a scan based on the Monitor section's Timeout config variable. This approach prevents recurring file modifications as a technique to bypass a timer reset.

It is possible to perform an on demand file scan while a real time scanner is running.

Attended

cmd: `malwatch scan [path]`

Attended scans are invoked by a user using the scan command followed by a proceeding path. Results are displayed upon completion.

Unattended

cmd: `malwatch scan`

Unattended scans are meant to perform regular file scans without an operator. This mode can be used with the scan command without a proceeding path.