Malware Scan

I have the same problem. The last update was yesterday.

4 paths were skipped for the malware scan due to scan settings
Type: Skipped Paths
Issue Found 14/01/2020 8:08 AM

The paths skipped are ~/.quarantine, ~/.tmb, ~/blogs, and ~/tmp

• This reply was modified 4 years, 10 months ago by HRUOD.
• This reply was modified 4 years, 10 months ago by HRUOD.

I am also having this problem since the update 1/13/20 – two of my sites, same host (Siteground), but different accounts, reported:

Low Severity Problems:
* 3 paths were skipped for the malware scan due to scan settings

Low Severity Problems:
* 10 paths were skipped for the malware scan due to scan settings

I understand that they are considered “low severity” – but having been hacked years ago, they bring on some PTSD!

Wordfence folks – will you return us to the point where we don’t get these notices?

Thanks.

The message says that the folders have not been checked, I don’t think it’s a problem. But, it bothers to see these messages.

I’m getting the same notification, so far on two sites. And in WordFence, can’t find any reference to the issue in scan results.

UPDATE:

I did a new scan and now the issue showed in scan results:

Details: The option “Scan files outside your WordPress installation” is off by default, which means 1 path and its file(s) will not be scanned for malware or unauthorized changes. To continue skipping this path, you may ignore this issue. Or to start scanning it, enable the option and subsequent scans will include it. Some paths may not be necessary to scan, so this is optional.

Right enough, someone left a non-WordPress folder in root.

• This reply was modified 4 years, 10 months ago by ljezard.

Thanks for reaching out and thanks for helping answer @ljezard

There is a UI bug that was in the last release that involves the new scan that checks for paths that are not scanned by default. Even if a user has no issues listed at the end of the scan, the Malware Scan icon can show a yellow triangle at the end of the scan. We have fixed this issue in version 7.4,.4 which is now available. Please update to that version as soon as you are able.

The file paths that were skipped were because the scan option “Scan files outside your WordPress installation” used to not be enabled by default. A regular Wordfence scan looks at the following: wp-admin, wp-content, wp-includes, all subdirectories of those directories – all files in your base WordPress directory. But when you enable this option, it scans all subdirectories of your WordPress installation, even if they aren’t part of WordPress. So if you have a directory that is a phpmyadmin installation or a Drupal installation, we will dive down into those directories looking for malicious code and infections, too. We decided to enable this by default to make sure we were getting the best scan results for you. You can enable it in the Scan Options section of the Scan > Scan Options and Scheduling page.

Tim

Hi! I updated Wordfence. The message continues with or without the options selected below:
– Scan files outside your WordPress installation;
– Scan images, binary, and other files as if they were executable;

Message: The paths skipped are ~ / .quarantine, ~ / .tmb, ~ / blogs, and ~ / tmp

• This reply was modified 4 years, 10 months ago by HRUOD.

As of 1/22/2020 I am still getting this notification each time WordFence runs on my three different sites. Based on what I’ve read, many issues have been fixed in the last week, but there are still some like me who are still having the problem and getting the notification.

Thanks.

Mike

Yeah I want to add my name here… I have 36 sites in my account, and I am getting a very frustrating amount of emails every day warning me about external files.

I checked the option “Scan files outside your WordPress installation” and synced the template to all sites – but i continue to get these alerts…

Any idea what is going on here?