Hi there,
I have a compromised server, have identified the files and some malware and the like.
I check the box so that WF scans and compares plugin repository files with those on my site. WF does not find the 8 extra files that are in both the WordFence plugin directories and Sucuri plugin directories (hackers with a sense of irony).
Why not? Given the description, it is not the behaviour I would expect: "Scan plugin files against repository versions for changes". Perhaps you mean changes in code, but what about extra files? Seems worth waing about at least...