I see in the latest update of Imunify customers have access to setup ignore paths themselves in cPanel so that the scanner ignores the paths/files/folders.
What if there is a hacker/fake order done and they login to cPanel and setup ignore paths for their public_html folder?
Then they start uploading files/folders with phising content and misuse the account?
Have you thought of that and the complications that can do to the server?
How can we as admins find these accounts and what should we do in such cases?
I think you need to think trough such cases and find a better way to handle those.