diff --git a/modules/security/malware-scanner.sh b/modules/security/malware-scanner.sh
index 4f1bf2d..a0e7707 100755
--- a/modules/security/malware-scanner.sh
+++ b/modules/security/malware-scanner.sh
@@ -1878,27 +1878,52 @@ launch_standalone_scanner_menu() {
             echo ""
             echo "Scanning all user home directories..."
 
-            # Determine user base directory based on control panel
-            local user_base_dir
+            # Determine user directories based on control panel
+            # Each panel has different home directory structures
+            scan_paths=()
             case "$CONTROL_PANEL" in
                 plesk)
-                    user_base_dir="/var/www/vhosts"
+                    # Plesk: /var/www/vhosts/username/ (exclude 'system' subdirectory)
+                    # Find all user vhosts (skip 'system' which contains configs)
+                    while IFS= read -r vhost_dir; do
+                        [ -n "$vhost_dir" ] && [ -d "$vhost_dir" ] && scan_paths+=("$vhost_dir")
+                    done < <(find /var/www/vhosts -maxdepth 1 -type d -name "[a-zA-Z0-9]*" ! -name "system" ! -name "." 2>/dev/null | sort)
+                    scan_description="all Plesk user vhosts (excluding system configs)"
                     ;;
-                cpanel|interworx|standalone)
-                    user_base_dir="/home"
+                cpanel)
+                    # cPanel: /home/username/ (standard)
+                    while IFS= read -r home_dir; do
+                        [ -n "$home_dir" ] && [ -d "$home_dir" ] && scan_paths+=("$home_dir")
+                    done < <(find /home -maxdepth 1 -type d ! -name "." ! -name ".." ! -name "lost+found" 2>/dev/null | sort)
+                    scan_description="all cPanel user home directories"
+                    ;;
+                interworx)
+                    # InterWorx: /home/username/domain.com/html
+                    # Can also scan /home/username for all user content
+                    while IFS= read -r user_dir; do
+                        [ -n "$user_dir" ] && [ -d "$user_dir" ] && scan_paths+=("$user_dir")
+                    done < <(find /home -maxdepth 1 -type d ! -name "." ! -name ".." 2>/dev/null | sort)
+                    scan_description="all InterWorx user directories"
                     ;;
                 *)
-                    user_base_dir="/home"
+                    # Standalone: /home/username/
+                    while IFS= read -r home_dir; do
+                        [ -n "$home_dir" ] && [ -d "$home_dir" ] && scan_paths+=("$home_dir")
+                    done < <(find /home -maxdepth 1 -type d ! -name "." ! -name ".." ! -name "lost+found" 2>/dev/null | sort)
+                    scan_description="all user home directories"
                     ;;
             esac
 
-            # Add the user base directory to scan paths
-            scan_paths=("$user_base_dir")
-            scan_description="all user accounts in $user_base_dir"
+            # Check if any paths were found
+            if [ ${#scan_paths[@]} -eq 0 ]; then
+                echo -e "${YELLOW}Warning: No user directories found${NC}"
+                read -p "Press Enter to continue..."
+                return 1
+            fi
 
             echo "Control Panel: ${CONTROL_PANEL^}"
-            echo "User directory: $user_base_dir"
-            echo "Scan scope: All user home directories"
+            echo "User directories found: ${#scan_paths[@]}"
+            echo "Scan scope: $scan_description"
             ;;
 
         3)