Working with false vulnerabilities

A false positive occurs when a legitimate entity is qualified as a vulnerability.

After analyzing a vulnerability, you may conclude that the vulnerability is a false positive. A vulnerability marked as a false positive will be switched to an appropriate status and will not be rechecked.

If the detected vulnerability exists but cannot be fixed

If the detected vulnerability exists in the protected application but cannot be fixed, we recommend setting up the Create a virtual patch rule. This rule will allow blocking attacks exploiting the detected type of vulnerability and will eliminate the risk of an incident.

Mark a vulnerability as a false positive

Click the Mark as false button next to the desired vulnerability in the list to mark this vulnerability as a false positive.

False positive in the vulnerability list

You can also mark the vulnerability as a false positive by clicking the Mark as false button on the page of the desired vulnerability.

False positive on the vulnerability page

Wallarm will requalify the vulnerability as a false positive.

Remove a false positive mark

A vulnerability marked as a false positive is displayed on the Closed tab. To remove the false positive mark, open the vulnerability card and click Reopen.

False vulnerability

The vulnerability will be switched to the status Open and will be rechecked with Wallarm tools.