diff --git a/modules/security/malware-scanner.sh b/modules/security/malware-scanner.sh
index 4556aa0..19c392e 100755
--- a/modules/security/malware-scanner.sh
+++ b/modules/security/malware-scanner.sh
@@ -575,24 +575,37 @@ log_message() {
 cleanup_on_exit() {
     local exit_code=$?
     echo ""
-    log_message "Cleanup triggered (exit code: $exit_code)"
+
+    # Only log if session log exists
+    if [ -f "$SESSION_LOG" ]; then
+        log_message "Cleanup triggered (exit code: $exit_code)"
+    fi
 
     # Remove temporarily installed RKHunter
-    if [ "$RKHUNTER_TEMP_INSTALLED" = "true" ]; then
-        log_message "Removing temporarily installed RKHunter..."
+    if [ "${RKHUNTER_TEMP_INSTALLED:-false}" = "true" ]; then
+        if [ -f "$SESSION_LOG" ]; then
+            log_message "Removing temporarily installed RKHunter..."
+        fi
         echo "→ Cleaning up: Removing Rootkit Hunter..."
         if command -v yum &>/dev/null; then
             yum remove -y rkhunter &>/dev/null 2>&1
-            log_message "RKHunter removed"
+            if [ -f "$SESSION_LOG" ]; then
+                log_message "RKHunter removed"
+            fi
         fi
     fi
 
-    # Save interrupted status
-    if [ $exit_code -ne 0 ]; then
-        echo "SCAN INTERRUPTED" >> "$SUMMARY_FILE"
-        echo "Exit code: $exit_code" >> "$SUMMARY_FILE"
-        echo "Time: $(date)" >> "$SUMMARY_FILE"
-        log_message "Scan interrupted with exit code: $exit_code"
+    # Save interrupted status (only if summary file directory exists)
+    if [ $exit_code -ne 0 ] && [ -d "$RESULTS_DIR" ]; then
+        {
+            echo ""
+            echo "SCAN INTERRUPTED"
+            echo "Exit code: $exit_code"
+            echo "Time: $(date)"
+        } >> "$SUMMARY_FILE"
+        if [ -f "$SESSION_LOG" ]; then
+            log_message "Scan interrupted with exit code: $exit_code"
+        fi
     fi
 }
 
@@ -774,6 +787,7 @@ for scanner in "${AVAILABLE_SCANNERS[@]}"; do
             log_message "ImunifyAV: Starting on-demand scan (synchronous)"
 
             # Use on-demand start (synchronous) instead of queue (asynchronous)
+            LAST_SCAN=""
             for path in "${SCAN_PATHS[@]}"; do
                 if [ -d "$path" ]; then
                     log_message "ImunifyAV: Scanning $path"
@@ -802,7 +816,11 @@ for scanner in "${AVAILABLE_SCANNERS[@]}"; do
 
             # Extract malicious file count
             # Skip header line and count data rows, or use TOTAL_MALICIOUS from most recent scan
-            IMUNIFY_INFECTED=$(echo "$LAST_SCAN" | awk '{print $12}')
+            if [ -n "$LAST_SCAN" ]; then
+                IMUNIFY_INFECTED=$(echo "$LAST_SCAN" | awk '{print $12}')
+            else
+                IMUNIFY_INFECTED=0
+            fi
             # Verify we got a valid number, otherwise try malicious list
             if ! [[ "$IMUNIFY_INFECTED" =~ ^[0-9]+$ ]]; then
                 IMUNIFY_INFECTED=$(imunify-antivirus malware malicious list 2>/dev/null | tail -n +2 | wc -l || echo 0)