How to submit a False Positive Request in Qualys PCI
Since PCI scans are internet-based un-authenticated scans, at times there are vulnerabilities we can not fully test since firewalls and other internet facing devices may limit the tests we can run. The PCI Council has therefore approved a process where we can work with you to review any vulnerabilities you feel may be a "PCI False Positive", and upon approval we will certify that you are in fact not vulnerable to those vulnerabilities and are now Passing.
To submit a PCI False Positive Request using Qualys PCI, please log into your Qualys PCI Account, go to the Vulnerabilities Page, check the box to the left of the vulnerability you believe may be a false positive, and then click the Review False Positives button. You will then be prompted to enter your information on why you believe this should be a false positive.
We will then review your submitted vulnerabilities & information and upon approval will update your reports, which will show that you are now passing for these submitted vulnerabilities.
Qualys Support KnowledgeBase