Starting with RSFirewall! rev. 15, we have introduced a new Active Scanner option :
user-agents check for common malware user agents.
Basically, when the Active Scan runs (is enabled from the RSFirewall! configuration), it will look for automated scripts meant to scan websites for vulnerabilities. These will be detected with the help of user agents and will be blocked and reported into the log.
The option is active by default, but if you don't want to perform this task you can disable it from Firewall! Configuration:
Components - > RSFirewall! -> Firewall Configuration -> RSFirewall! Active Scanner.
Check user agents for common malware: