diff --git a/modules/security/malware-scanner.sh b/modules/security/malware-scanner.sh
index dae5983..80fac77 100755
--- a/modules/security/malware-scanner.sh
+++ b/modules/security/malware-scanner.sh
@@ -867,47 +867,54 @@ echo ""
 echo "=========================================="
 echo ""
 
-# Prompt for cleanup
-read -p "Delete scan directory and all results? (yes/no): " cleanup_choice
-
-if [ "$cleanup_choice" = "yes" ]; then
-    log_message "User requested cleanup - deleting scan directory"
-    echo ""
-    echo "Removing scan directory..."
-    cd /
-    rm -rf "$SCAN_DIR"
-    echo -e "${GREEN}✓ Scan directory deleted${NC}"
-    echo ""
-    echo "This screen session will now close."
-    sleep 2
-else
-    log_message "User chose to keep results"
-    echo ""
-    echo "Results preserved at: $SCAN_DIR"
-    echo ""
-    echo "You can:"
-    echo "  • Review logs: ls $LOG_DIR"
-    echo "  • View summary: cat $SUMMARY_FILE"
-    echo "  • Delete manually: rm -rf $SCAN_DIR"
-    echo ""
-    echo "Press Ctrl+A then D to detach from this screen session"
-    echo ""
-fi
-
 # Cleanup: Remove rkhunter if it was temporarily installed
 if [ "$RKHUNTER_TEMP_INSTALLED" = "true" ]; then
     log_message "Removing temporarily installed RKHunter..."
-    echo ""
     echo "→ Cleaning up: Removing Rootkit Hunter..."
-
     if command -v yum &>/dev/null; then
         yum remove -y rkhunter &>/dev/null
         echo "  ✓ RKHunter removed"
         log_message "RKHunter successfully removed"
     fi
+    echo ""
 fi
 
-log_message "Scan session ended"
+# Prompt for cleanup
+read -p "Delete scan script? (Logs and results will be preserved) (yes/no): " cleanup_choice
+
+if [ "$cleanup_choice" = "yes" ]; then
+    log_message "User requested cleanup - deleting scan script"
+    echo ""
+    echo "Removing scan script..."
+    rm -f "$SCAN_DIR/scan.sh"
+    echo -e "${GREEN}✓ Scan script deleted${NC}"
+    echo ""
+    echo "Results preserved at: $SCAN_DIR"
+    echo ""
+else
+    log_message "User chose to keep scan script"
+    echo ""
+    echo "Scan script and results preserved at: $SCAN_DIR"
+    echo ""
+fi
+
+echo "You can:"
+echo "  • Review logs: ls $LOG_DIR"
+echo "  • View summary: cat $SUMMARY_FILE"
+echo "  • Delete scan directory manually: rm -rf $SCAN_DIR"
+echo ""
+echo "Press Ctrl+A then D to detach from this screen session,"
+echo "or press Enter to open an interactive shell in this session..."
+echo ""
+read -t 30 -p ""
+
+# Keep screen session alive with an interactive shell
+echo ""
+echo "Opening interactive shell. Type 'exit' to close this screen session."
+echo ""
+
+log_message "Scan session ended - opening interactive shell"
+exec bash
 STANDALONE_EOF
 
     # Replace placeholder with actual paths
@@ -1129,17 +1136,17 @@ launch_standalone_scanner_menu() {
     case $scope_choice in
         1)
             # Entire server
-            scan_paths=("${sanitized_docroot[@]}")
+            scan_paths=("/")
             scan_description="full server scan"
 
             if [ ${#scan_paths[@]} -eq 0 ]; then
-                echo -e "${RED}No docroots found!${NC}"
+                echo -e "${RED}No scan paths found!${NC}"
                 read -p "Press Enter to continue..."
                 return 1
             fi
 
             echo ""
-            echo "Scan paths: ${#scan_paths[@]} docroots"
+            echo "Scan scope: Entire server from /"
             ;;
 
         2)