diff --git a/modules/security/malware-scanner.sh b/modules/security/malware-scanner.sh
index faf7728..5f7e6cd 100755
--- a/modules/security/malware-scanner.sh
+++ b/modules/security/malware-scanner.sh
@@ -803,6 +803,21 @@ for scanner in "${AVAILABLE_SCANNERS[@]}"; do
 case "$scanner" in
 imunify)
+ # ImunifyAV has built-in exclusions that prevent comprehensive system scanning
+ # Only use ImunifyAV for user-focused scans (not full server scans)
+ if [ "${#SCAN_PATHS[@]}" -eq 1 ] && [ "${SCAN_PATHS[0]}" = "/" ]; then
+ echo ""
+ echo "ℹ️ Skipping ImunifyAV for full server scan"
+ echo " Reason: ImunifyAV has built-in exclusions that skip system directories"
+ echo " ClamAV and Maldet will provide comprehensive coverage instead"
+ echo ""
+ log_message "ImunifyAV: Skipped (not suitable for full server scans - use ClamAV/Maldet instead)"
+ {
+ echo "⊘ ImunifyAV scan skipped (not suitable for full system scans)"
+ } >> "$SUMMARY_FILE"
+ continue
+ fi
+
 SCAN_START=$(date +%s)
 log_message "ImunifyAV: Updating signatures"
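Review bot: The new skip branch reaches `continue` without checking that any other engine is present in `AVAILABLE_SCANNERS`, so on a host where ImunifyAV is the only scanner installed a full server scan would run nothing while the console still states that ClamAV and Maldet provide coverage. Guard the skip with a test such as `[ "${#AVAILABLE_SCANNERS[@]}" -gt 1 ]`, and when it fails write an explicit warning to `$SUMMARY_FILE` and the log so that an unscanned server is not read as a clean one. The option 1 label in `show_scan_menu` (last hunk) makes the same static promise about which engines will run. The enclosing `for`/`case` continues outside the hunk, so how the summary is finalized is not visible here.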
@@ -811,31 +826,14 @@ for scanner in "${AVAILABLE_SCANNERS[@]}"; do
 echo "⚠️ WARNING: Signature update failed, using existing signatures"
 fi
- log_message "ImunifyAV: Starting on-demand scan (synchronous)"
+ log_message "ImunifyAV: Starting on-demand scan"
 # Use on-demand start with background monitoring for progress
 LAST_SCAN=""
 TOTAL_FILES_SCANNED=0
- # ImunifyAV has built-in exclusions that skip /usr, /opt, /var system directories
- # When scanning "/", expand to comprehensive paths for better coverage
- local IMUNIFY_SCAN_PATHS=()
- if [ "${#SCAN_PATHS[@]}" -eq 1 ] && [ "${SCAN_PATHS[0]}" = "/" ]; then
- log_message "ImunifyAV: Expanding / to comprehensive scan paths"
- # Scan all major directories that might contain malware
- IMUNIFY_SCAN_PATHS=(
- "/home" # All user home directories
- "/var/www" # Web content
- "/usr/local" # Locally installed software
- "/opt" # Optional software packages
- "/var/lib" # Variable state information
- "/tmp" # Temporary files
- "/var/tmp" # Persistent temp files
- "/root" # Root user home
- )
- else
- IMUNIFY_SCAN_PATHS=("${SCAN_PATHS[@]}")
- fi
+ # For user-focused scans, use paths as-is
+ local IMUNIFY_SCAN_PATHS=("${SCAN_PATHS[@]}")
 for path in "${IMUNIFY_SCAN_PATHS[@]}"; do
 if [ -d "$path" ]; then
@@ -2017,11 +2015,11 @@ show_scan_menu() {
 echo ""
 echo -e "${CYAN}Create New Scan:${NC}"
- echo " 1. Scan entire server (full system - all directories)"
- echo " 2. Scan all user accounts (all user home directories)"
- echo " 3. Scan specific user account"
- echo " 4. Scan specific domain"
- echo " 5. Scan custom path"
+ echo " 1. Scan entire server (ClamAV, Maldet, RKHunter)"
+ echo " 2. Scan all user accounts (All scanners - recommended)"
+ echo " 3. Scan specific user account (All scanners)"
+ echo " 4. Scan specific domain (All scanners)"
+ echo " 5. Scan custom path (All scanners)"
 echo ""
 echo -e "${CYAN}Monitor & Manage:${NC}"
 echo " 6. Check scan status"
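Review bot: With the path expansion removed, ImunifyAV still receives `/` whenever the exact-match test added in the first hunk does not fire, for example when `SCAN_PATHS` holds `/` next to other entries or a spelling such as `//` or `/.` that passes `[ -d "$path" ]`; going by the removed comment it would then skip /usr, /opt and /var without reporting it. Normalizing each path before the comparison, or applying the root check per element inside this loop, would close that gap; whether `SCAN_PATHS` can carry such values depends on callers outside the hunk. `IMUNIFY_SCAN_PATHS` is now a plain copy, so the loop could read `for path in "${SCAN_PATHS[@]}"; do` and the `local` line could be dropped. The loop body continues past the end of the hunk.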