+https://forum.ait-pro.com/forums/topic/installatron-and-deleteme-wpxxxx-php/

This has all worked okay except Installatron likes to put its own file in your web directory which helps it to manage wordpress updates.

You do NOT want to allow the Host 3rd party application installer to manage WordPress updates for 2 reasons:

1.  WordPress automatically does this now with automatic updates.  AutoRestore/Quarantine is fully automated and integrated with the WordPress automatic updates:  http://forum.ait-pro.com/forums/topic/autorestore-quarantine-guide-read-me-first/#automation
2.  Having a 3rd party application manage WordPress files will trigger AutoRestore/Quarantine to quarantine any files that are updated by a 3rd party application.  ARQ will think these files are being modified, added or created by a hacker.

See this video tutorial for how to exclude (ARQ Calibration) files in ARQ http://forum.ait-pro.com/video-tutorials/#autorestore-quarantine but what I think you should do is contact your Host and ask them how to turn off/disable the WordPress automatic update by the Host 3rd party application for the 2 reasons stated above.

Unfortunately, since Installatron creates these randomly named files in the hosting account root folder instead of putting these files in an /installatron/ folder for example, then you cannot exclude a folder (/installatron/, /example-folder/, etc) from being checked by ARQ IDPS. Since the files are randomly named and ARQ IDPS does not allow using Regex since that would negate the effectiveness of ARQ IDPS, then that leaves you with either turning ARQ IDPS Off or deleting this deleteme temporary files when they get quarantined. We looked at and tested allowing Regex in file exclude rules and that creates a very easy loophole for hackers to be able to beat ARQ IDPS. Example: deleteme-hacker-file.php would no longer be checked by ARQ IDPS and the site would be hacked.