Endpoint Protection for Linux: "ctime" is changed after running an On-Demand scan