We do not recommend that you simply stop using the option that triggers, rather it would be better to simply ignore the false-positive files using an ignore file as per the documentation.
The best way to generate the ignore file is to create it first, e.g.:
Code: Select allOr use the /etc/cxs/cxs.ignore.example file:
touch /etc/cxs/cxs.ignore chmod 644 /etc/cxs/cxs.ignore
Code: Select allThen you need to populate it. You can either add your ignore file individually with entries such as:
cp /etc/cxs/cxs.ignore.example /etc/cxs/cxs.ignore chmod 644 /etc/cxs/cxs.ignore
Code: Select allOr, you can generate ignore file entries using the scan report as input. You can generate the report file when you run a scan using the --report option, or you can save the output from the scan into a file on disk (e.g. if you received it only in an email), e.g. to cxs.scan. Using this as an example, you can then use the --generate option to append entries to your ignore file:
(Note: remember to remove all entries in the scan report that you do not want in the ignore file first)
Code: Select allIf you now look in cxs.ignore you should see ignore lines for each item found in the scan report. Make sure you use the --ignore /etc/cxs/cxs.ignore (or whatever you called your ignore file) in all future scans.
cxs --generate --report cxs.scan --ignore /etc/cxs/cxs.ignore
You should be very careful when using an ignore file about listing directories to ignore as this will stop cxs scanning the directory and its contents which might not be what you intend.