1. Support Center
  2. Documentation
  3. Enterprise Edition
  4. Working with Burp Suite Enterprise Edition
  5. Scan results
  6. Handling false positives

Handling false positives

As with any automated scanning tool, Burp Suite Enterprise Edition might occasionally highlight issues that you decide are false positives. This could be because you decide after manual testing that the issue is not really present, or it could be that you are aware of the issue but want to keep this behavior despite the potential vulnerabilities that are associated with it.

You can mark it as a false positive by either clicking the "Mark as false positive" button from the issue details page, or by hovering over an issue in the list of scan results and clicking the "FP" icon that appears on the right of the page.

Issues marked as false positives will be labeled as such in the list of issues and "grayed out". They will also be removed from the statistics and metrics displayed in the dashboards.

When you mark an issue as a false positive, you will be prompted to decide whether you want to mark other similar issues as false positives too. You can choose from the following options:

Note that the option you select here only applies to issues that have already been found by scans. Issues found by future scans will be unaffected by these changes. Instead, they will be marked as false positives based on the global setting defined by the administrator user.