What is the Plugin and Theme Guard scanner?
The Plugin and Theme Guard scanner is a part of the Automatic WordPress File Scanner.
The purpose of the Plugin and Theme Guard is to detect any changes to active plugins and themes.
These changes are ones that would occur outside normal WordPress actions. For example, if you upgrade a plugin to a new version using WordPress, then this would not trigger alerts from the Guard. The Guard will detect normal changes and update its records so that it doesn't alert you unnecessarily.
However, if you upload a new version of a plugin over FTP, the Guard will detect this. The Guard does not know about FTP, it only knows about WordPress. So if you make changes to your plugin or theme files outside of WordPress, the Guard will be alerted and so will you.
Why is this important for security?
Completely preventing intrusions is impossible. Neither Shield, nor any other WordPress plugin can block all intrusions - there are just too many variables.
So, the next defense against intrusion is detecting any changes made to your files after someone has gained access to them. This is the purpose of the Plugin/Theme Guard.
Important Characteristics of the Plugin/Theme Guard
When enabling the Guard, please consider the following characteristics carefully.
The Guard only tracks changes to active plugins and themes
The Guard does not track changes to any files for any plugins/themes that are not activated on your WordPress site.
In the case of themes, it'll track both the Parent and Child themes, if your theme is setup this way.
The Guard starts tracking when plugins/themes are activated, not when they're installed.
The Guard takes a snapshot of your plugin/theme at the time they are activated, not when they're installed.
Therefore, you are advised to always re-install a plugin/theme before activation, especially if it's be sitting deactivated on your site for a while.
The Guard does NOT SCAN FOR MALWARE
The Guard trusts your judgement when you activate a plugin/theme. This is entirely your responsibility.
The Guard's purpose is to detect changes only (not malware).
Note: The Malware scanner is completely separate. You can find more information about the Malware scanner here.
Plugin/Theme Guard is NOT designed to scan for malware. If you activate a plugin/theme that already contains malware , the Guard does not know this. It assumes that if you activated it, you have previously checked it for malware or installed it fresh from source (i.e. it's clean).
We also highly recommend you to read A Complete Guide To The Shield Security Scans here.