We are trying to perform a WAS against a web application and it keeps completing with service errors detected. Per the documentation, we reviewed the URLs in "150018 Connection Error Occurred During Web Application Scan." Many of them are indeed invalid, but it's because the WAS is trying to perform code injection and the application is (properly) coded to defend against this and is generating a generic error page.
The quandary we're stuck with is: yes, those URLs are errors, but they should be errors. The requests are bad. We could blacklist the URLs, but then there would be significant portions of the application left unscanned.
Any suggestions about what to do?