If you’ve been running CPGuard for a while, you’ve probably seen a clean file get flagged as “infected.”
Don’t panic. It doesn’t mean your site’s hacked. It’s just a false positive, and even the best malware scanners do that sometimes.
The good news? CPGuard gives you full control through its command-line tool, so you can check what got caught, verify it’s clean, and bring it back in just a few commands.
Here’s how I usually handle it when it happens on a client’s server.
Step 1: Check What Got Quarantined
When CPGuard thinks a file is risky, it doesn’t delete it right away — it moves it into a quarantine folder for safety.
To see what’s sitting there, run:
cpguard --list-quarantine
You’ll get a list of files that CPGuard has isolated, along with the reason it was flagged and the date.
Scroll through the list and note the filename that looks suspicious or one you’re sure should be safe.
(If you manage multiple sites on the same server, this command helps you spot what’s been flagged where.)
Step 2: Make Sure the File’s Actually Clean
Don’t restore the file right away. Take a minute to check it. Sometimes a real infection hides behind something that looks familiar.
Here’s what I usually do:
- Scan the file using another antivirus or malware tool.
- Upload it to some malware scanner for a second opinion.
- Look at its location. If it’s part of the CMS or plugin folder and you know it hasn’t changed recently, it’s probably safe.
If everything looks clean and consistent, move on to restoring it.
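One way to back up the location check from the list above is to compare the quarantined file with a fresh copy of the same CMS or plugin version. This is an added example, not part of CPGuard or the original guide; the function name check_quarantined, the directory layout and the sample files are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not a CPGuard command): compare a quarantined file with the
# vendor's pristine copy before restoring it.
# Assumptions: the suspect file has been copied out for inspection, and a
# fresh download of the same CMS/plugin version is unpacked under REF_ROOT.

# check_quarantined SUSPECT REF_ROOT REL_PATH
#   returns 0 = byte-identical to the vendor copy (false positive is plausible)
#           1 = differs from the vendor copy (review the diff before restoring)
#           2 = vendor ships no file at that path (needs manual review)
#           3 = suspect file not found
check_quarantined() {
    suspect=$1; ref_root=$2; rel_path=$3
    reference="$ref_root/$rel_path"

    if [ ! -f "$suspect" ]; then
        echo "ERROR: $suspect not found" >&2
        return 3
    fi
    if [ ! -f "$reference" ]; then
        echo "UNKNOWN: vendor package has no $rel_path"
        return 2
    fi
    if cmp -s "$suspect" "$reference"; then
        echo "MATCH: $rel_path is byte-identical to the vendor copy"
        return 0
    fi
    # Count changed lines so the reviewer knows how large the difference is.
    changed=$(diff "$reference" "$suspect" | grep -c '^[<>]' || true)
    echo "MODIFIED: $rel_path differs from the vendor copy ($changed changed lines)"
    return 1
}

# Constructed sample data: a stand-in "vendor" tree and two suspect files.
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir -p "$tmp/vendor" "$tmp/q"
    printf '<?php\n// stock file\n' > "$tmp/vendor/index.php"
    cp "$tmp/vendor/index.php" "$tmp/q/clean.php"
    printf '<?php\n// stock file\n// extra line\n' > "$tmp/q/changed.php"
    check_quarantined "$tmp/q/clean.php"   "$tmp/vendor" index.php || true
    check_quarantined "$tmp/q/changed.php" "$tmp/vendor" index.php || true
    check_quarantined "$tmp/q/clean.php"   "$tmp/vendor" extra.php || true
    rm -rf "$tmp"
}
demo
```

A MATCH result supports the false-positive theory; MODIFIED or UNKNOWN means the file should stay in quarantine until someone has read the difference.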
Step 3: Restore the File
Once you’re sure it’s safe, use this command to restore it:
cpguard --restore <filename>
Example:
cpguard --restore index.php
This command pulls your file out of quarantine and puts it back in the same spot where it was before. It usually works instantly. You can double-check with the ls command to make sure it’s back in place.
Step 4: Run a Quick Scan Afterward
After restoring, it’s smart to run a fresh scan, just to be sure CPGuard doesn’t catch the file again and nothing else is lurking nearby.
cpguard --scan now
If your restored file doesn’t show up in the results this time, you’re good to go. It’s always better to confirm than assume.
Plus, if you’re certain it was a false alarm, it’s worth reporting it to the CPGuard support team.
Send them the log entry or even the file sample. They’ll review it and, if needed, adjust their detection rules so it doesn’t trigger again.
It helps everyone using CPGuard in the long run.
Quick Reference Table
| Task | Command |
| --- | --- |
| List quarantined files | cpguard --list-quarantine |
| Restore a file | cpguard --restore <filename> |
| Add an exclusion path | cpguard --exclude add <path> |
| List all exclusions | cpguard --exclude list |
| Run a scan | cpguard --scan now |
Wrapping It Up
False positives are annoying, but they’re nothing new. Every scanner, even an enterprise-grade one, makes a mistake now and then. The key is knowing how to fix it without breaking your site. With CPGuard’s CLI, it only takes a few steps: find the quarantined file, double-check it, restore it, and confirm with a quick scan. No downtime, no drama, just back to normal.
If you work with multiple servers or clients, keep this guide bookmarked. You’ll probably need it again sooner or later. For further assistance, contact SupportPRO.