diff --git a/modules/security/malware-scanner.sh b/modules/security/malware-scanner.sh
index 80fac77..999efa8 100755
--- a/modules/security/malware-scanner.sh
+++ b/modules/security/malware-scanner.sh
@@ -1124,7 +1124,7 @@ launch_standalone_scanner_menu() {
         esac
     else
         echo "Select scan scope:"
-        echo "  1. Entire server (all docroots)"
+        echo "  1. Entire server (scan from / - WARNING: may take several hours)"
         echo "  2. Specific user account"
         echo "  3. Specific domain"
         echo "  4. Custom path"
@@ -1139,10 +1139,21 @@ launch_standalone_scanner_menu() {
             scan_paths=("/")
             scan_description="full server scan"
 
-            if [ ${#scan_paths[@]} -eq 0 ]; then
-                echo -e "${RED}No scan paths found!${NC}"
+            echo ""
+            echo -e "${YELLOW}WARNING: Full server scan from /${NC}"
+            echo "This will scan the ENTIRE filesystem including:"
+            echo "  • All user directories"
+            echo "  • System files"
+            echo "  • Application files"
+            echo ""
+            echo "This scan may take several hours and use significant resources."
+            echo ""
+            read -p "Are you sure you want to proceed? (yes/no): " confirm_full_scan
+
+            if [ "$confirm_full_scan" != "yes" ]; then
+                echo "Cancelled."
                 read -p "Press Enter to continue..."
-                return 1
+                return 0
             fi
 
             echo ""