This article answers some Frequently Asked Questions (FAQ) about the Magento Security Scan Tool.
What is the Magento Security Scan Tool, and who is it written for?
The Magento Security Scan Tool is a free tool available to our merchants, developers, and the personnel they designate as responsible, to monitor their sites for security risks. It can proactively and efficiently detect malware on customer stores and notify customers if there are any security risks, malware, or threats.
Is the Magento Security Scan Tool available to all Magento customers?
Yes, the Magento Security Scan Tool is available to all Magento Commerce and Open Source customers.
Can the tool scan non-Magento pages on my webstore?
The Magento Security Scan Tool is designed to scan for vulnerabilities on Magento domains. Scanning non-Magento pages for vulnerabilities using the Magento Security Scan Tool can lead to unreliable results. We strongly recommend that customers not use the Magento Security Scan Tool to scan pages generated by non-Magento platforms.
Can I exclude specific security tests from the Magento Security Scan Tool?
Magento Security Scan Tool customers cannot exclude specific security tests from Magento Security Scan Tool scans. Each Magento Security Scan Tool security test is written to assist customers in identifying security risks, malware, and threats.
What does it cost?
The Magento Security Scan Tool is free. Merchants must accept a legal disclaimer that absolves Magento of liability based on the results of the security scan or their site's configuration.
How does the Magento Security Scan Tool work?
The Magento Security Scan Tool is web-based and accessed from the customer's online Magento account (account.magento.com). The security scan operates over both HTTP and HTTPS. It checks for known security issues and identifies missing Magento patches and updates.
How do I sign up to use the Magento Security Scan Tool?
Customers can register to use the Magento Security Scan Tool to scan their webstores from their Magento account (account.magento.com). Follow the link to sign up for the Magento Security Scan Tool here.
What do I do if I come across a false positive in the scan report?
We recommend that customers investigate all failed scans and take appropriate steps to resolve the issues. If, after investigation, a scan result appears to be a false positive, we ask the customer to notify Adobe so that appropriate action can be taken.
To submit a false positive report, enter a ticket with Magento customer support so that we can evaluate the false positive, make necessary changes, and/or provide recommendations to avoid seeing such notifications in the future. Customers can also report a false positive by emailing us at securityscan@magento.com.