McAfee Enterprise MVISION Cloud

Mark Anomalies as False Positive

If an anomaly represents unusual behavior that does not indicate a security incident (for example, an employee who has a new project that requires an unusual number of record downloads), that anomaly should be marked as a false positive. The information you provide to resolve anomalies trains Threat Protection on how to handle anomalies within your organization.

Anomalies can be marked as false positive by a user with Incident Handler permissions.

To mark an anomaly as False Positive:

  1. Go to Incidents > Anomalies > Anomalies.
  2. In the Anomalies table, select the specific anomaly you wish to resolve.
  3. In the Anomalies Cloud Card, select Status as False Positive to remove the anomaly from the Anomalies list.

Once the status is updated, a success message is displayed at the bottom of the page.

IMPORTANT: This action cannot be undone.
