tencent cloud

Tencent Cloud Firewall

Release Notes and Announcements
Release Notes
Engine Release Notes
Product Announcement
Getting Started
Product Introduction
Overview
Advantages
Scenarios
Key Concepts
Supported Region
CFW High Availability Specification
Purchase Guide
Billing Overview
Purchase Instructions
Billing Modes
Renewal Instructions
Resource deletion upon expiration
Refund Instructions
Operation Guide
Firewall Toggle
Asset Center
Alert Management
Traffic Monitoring
Access Control
Intrusion Defense
Network Detection and Response
Honeypot
Log Audit
Log Analysis
Log Shipping
Log Fields
Notifications and Settings
Common Tools
Practical Tutorial
Use Cloud Firewall with Other Products
DNS Firewall Practical Tutorial
Practical Tutorial for Protecting Against Mining Attacks
Inter-VPC Firewall Practice Tutorial
Troubleshooting
Solution for False Alarms and False Positives
API Documentation
History
Introduction
API Category
Making API Requests
Intrusion Defense APIs
Access Control APIs
Other APIs
Enterprise Security Group APIs
Firewall Status APIs
Data Types
Error Codes
FAQs
Basic Introduction
Bandwidth
Firewall
Feature
Log
Account
Billing
Others
Service Level Agreement
CFW Policy
Privacy Policy
Data Processing And Security Agreement
DocumentationTencent Cloud FirewallOperation GuideAlert ManagementReport false positives

Report false positives

PDF
Focus Mode
Font Size
Last updated: 2025-12-24 09:49:18
When rule-based alarm records generate false positives, you can report them via the entry for reporting false positives in the Alarm Center, thereby promptly providing feedback on the alarm records.

Method 1

1. When you find that an alarm is a false positive, click Report false positive to submit the false positive information.

2. On the Report False Positive page, select the feedback type and enter the corresponding false positive information, including:
2.1 IP/Domain name: Fill in the IP address or domain of the false positive, and the false positive description.
2.2 Intrusion prevention rules: Enter the rule ID of the false positive and the false positive description.

Note:
In the alarm event details, you can view the details of events hitting rules, thus quickly obtaining the rule ID corresponding to false positive events.
3. Click Submit feedback to submit feedback on false positives. The records of false positive feedback will be displayed below on the page. CFW staff will complete the assessment and provide feedback on the processing results within 3 business days.

Method 2

1. When you find that an alarm is a false positive, click Allow in the operation bar to add the false positive IP address to the Allowlist strategy (allowlist) of the Intrusion Defense module.

2. In the pop-up window, select False positive as the reason for allowing and report the address/rule of the false positive. After filling in the description of the false positive below, click OK to complete the feedback.

3. The records of false positive feedback will be displayed below on the page. CFW staff will complete the assessment and provide feedback on the processing results within 3 business days.


Previous Topic: OverviewNext Topic: Viewing and Handling of Attack Alarm Events

Help and Support

Was this page helpful?

Help us improve! Rate your documentation experience in 5 mins.

Feedback