A false positive is when WebScan identifies a vulnerability on your website but it then turns out that the vulnerability doesn’t actually exist. 

This can happen sometimes as we only have access to the publicly available information of your website. 

WebScan looks for specific patterns of code and often there are sometimes harmless pieces of cose that are very similar to actual pieces of malware.