Understanding Results

Learn how to interpret scan results and severity levels, and how to take appropriate action on threats.

After a scan completes, threats are listed in the Threats tab with full context to help you decide on the appropriate action.

Threat Information

Each threat entry shows:

  • File Path — Full path to the file containing the detection
  • Line Number — Exact line where the suspicious code was found
  • Matched Code — The code snippet that triggered the detection
  • Category — The pattern category (e.g., Backdoor, Code Injection, Obfuscation)
  • Severity — Critical, Warning, or Info

Severity Levels

Severity | Color | Meaning
Critical | Red | High-confidence malware indicators — backdoors, webshells, skimmers, credential stealers. Requires immediate action.
Warning | Orange | Suspicious patterns that may be malicious — heavy obfuscation, dangerous function usage, crypto miners. Review carefully.
Info | Blue | Low-risk indicators — debug code like phpinfo(), var_dump(). Usually safe but worth reviewing in production.

Actions You Can Take

For each threat, you have several options:

  • Quarantine — Move the file to a protected quarantine directory. The file is renamed and made inaccessible. Recommended for confirmed threats you want to review later.
  • Whitelist — Suppress the specific code pattern. Use this for false positives — the whitelist is content-based (MD5 hash), so the same safe pattern is automatically ignored everywhere.
  • Delete — Permanently delete the file. Use with caution — only for files you're certain are malicious and not needed.
  • Resolve — Mark the threat as reviewed/resolved without taking file-level action. Useful for tracking your review progress.
  • Recheck — Re-scan a specific file to verify a threat was cleaned up after manual editing.

Bulk Actions

Select multiple threats using the checkboxes and apply bulk actions:

  • Bulk Quarantine
  • Bulk Whitelist
  • Bulk Resolve
  • Bulk Delete

Reducing False Positives

The scanner is intentionally sensitive — it's better to flag a false positive than miss real malware. To manage false positives:

  1. Enable comment filtering in scan settings to skip detections in code comments
  2. Whitelist known-safe patterns to suppress them globally across all future scans
  3. Review the matched code — most false positives are obvious when you see the context
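
What content-based whitelisting means for the Whitelist action and for step 2 above, as an added example that is not the scanner's own code. It assumes the MD5 is taken over the matched snippet byte for byte; the `Finding` fields, function names, paths and the "Debug Code" category are constructed for illustration.

```python
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    path: str
    line: int
    matched_code: str
    category: str
    severity: str  # "Critical", "Warning" or "Info"


def content_key(matched_code: str) -> str:
    """MD5 of the matched snippet, used only as a lookup key (assumed: no normalization)."""
    return hashlib.md5(matched_code.encode("utf-8"), usedforsecurity=False).hexdigest()


def apply_whitelist(findings, whitelist):
    """Split findings into (reported, suppressed) by content hash alone; path is ignored."""
    reported, suppressed = [], []
    for f in findings:
        target = suppressed if content_key(f.matched_code) in whitelist else reported
        target.append(f)
    return reported, suppressed


# Constructed sample findings: the same snippet in two places, plus a reformatted variant.
FINDINGS = [
    Finding("app/tools/info.php", 12, "phpinfo();", "Debug Code", "Info"),
    Finding("public/uploads/cache.php", 3, "phpinfo();", "Debug Code", "Info"),
    Finding("app/theme/functions.php", 88, "phpinfo( );", "Debug Code", "Info"),
]


def demo():
    # One whitelist entry, created while reviewing app/tools/info.php.
    whitelist = {content_key("phpinfo();")}
    reported, suppressed = apply_whitelist(FINDINGS, whitelist)
    return [f.path for f in reported], [f.path for f in suppressed]


if __name__ == "__main__":
    reported, suppressed = demo()
    print("suppressed:", suppressed)
    print("reported:  ", reported)
```

The single entry suppresses the snippet in both files that contain it, including the one under the uploads path, so check where a pattern occurs before whitelisting it. Under the byte-for-byte assumption, the reformatted variant is still reported.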