This article answers some Frequently Asked Questions (FAQ) about the Magento Security Scan Tool.
What is the Magento Security Scan Tool, and who is it written for?
The Magento Security Scan Tool is a free tool available to our merchants, developers, and the personnel they designate as responsible, to monitor their sites for security risks. It can proactively and efficiently detect malware on merchant stores and notify merchants if there are any security risks, malware, or threats.
Is Magento Security Scan Tool available to all Magento merchants?
Yes, the Magento Security Scan Tool is available to all Magento Commerce and Open Source merchants.
Can anyone scan my site with the Magento Security Scan Tool?
No. When requesting a scan, a merchant ties their site to their Magento account via a token, which is unique per site.
Can the tool scan non-Magento pages on my webstore?
The Magento Security Scan Tool is designed to scan for vulnerabilities on Magento domains. Scanning non-Magento pages for vulnerabilities using the Magento Security Scan Tool can lead to unreliable results. We strongly recommend that merchants not use the Magento Security Scan Tool to scan pages generated by non-Magento platforms.
Can I exclude specific security tests from the Magento Security Scan Tool?
Merchants cannot exclude specific security tests from Magento Security Scan Tool scans. Each security test is written to assist merchants in identifying security risks, malware, and threats.
What does it cost?
The Magento Security Scan Tool is free. Merchants must accept a legal disclaimer that absolves Magento of liability based on the results of the security scan or their site's configuration.
How does the Magento Security Scan Tool work?
The Magento Security Scan Tool is web-based and accessed from the merchant's online Magento account (account.magento.com). The security scan operates over both HTTP and HTTPS. It checks for known security issues and identifies missing Magento patches and updates.
How do I sign up to use the Magento Security Scan Tool?
Merchants can register to use the Magento Security Scan Tool to scan their webstores from their Magento account (account.magento.com). Follow the link to sign up for the Magento Security Scan Tool here.
What do I do if I come across a false positive in the scan report?
We recommend that merchants investigate all failed scans and take appropriate steps to resolve the issues. If, after investigation, a scan result appears to be a false positive, we ask the merchant to notify Adobe so that appropriate action can be taken.
To submit a false positive report, submit a ticket to Magento merchant support so that we can evaluate the false positive, make necessary changes, and/or provide recommendations to avoid seeing such notifications in the future. Merchants can also report a false positive by emailing us at firstname.lastname@example.org.