# How To Manage False Positives and Optimize the System

The portal's detections can include false positives; when that happens, users should exclude those entries. In every table, users can set entries as trusted, add values to the white or black lists, and append values to the classification rules. Records are then evaluated correctly and the portal provides better visibility. Every table has a bulk operation option in the "..." section.

* For Autoruns, Processes and Inventory Assets:
  * Setting as Trusted (optional): Right-click on the entry -> Actions -> Set as trusted. This option sets the entry's risk score to 0 and shows it as trusted. It is recommended for single or unique entries.
  * Adding to a Classification Rule (recommended): Right-click on the entry -> Rule Management -> Add Value as a Classification Rule -> Set the priority of the classification rule -> Scroll down and click on the "Save & Force Run This Rule" button. This option is recommended for classifying the captured records, and it affects all data.
  * Adding to a List (recommended): Right-click on the entry -> List Management -> Add to a Global White List. This option does the same as the classification rule, but faster. After that, the entries no longer show up as false positives because they are on the white list. The same action can be taken for malicious artifacts: users can simply add values to a Global Malware/Black List.
* For Sysmon Analysis:
  * Setting as Trusted (optional): Right-click on the entry -> Actions -> Set as trusted. This option sets the entry's risk score to 0 and shows it as trusted. It is recommended for single or unique entries.
  * Adding to a Classification Rule (recommended): Right-click on the entry -> Rule Management -> Add Value as a Classification Rule -> Set the priority of the classification rule -> Scroll down and click on the "Save & Force Run This Rule" button. This option is recommended for classifying the captured records, and it affects all data.
  * Adding to a List (recommended): Right-click on the entry -> List Management -> Add to a Global White List. This option does the same as the classification rule, but faster. After that, the entries no longer show up as false positives because they are on the white list. The same action can be taken for malicious artifacts: users can simply add values to a Global Malware/Black List.
  * Adding Values to the Sysmon Exclusions (highly recommended): Right-click on the entry -> Sysmon Rules Mgmt. -> Add to Image & Network Exclusion (the exclusion type can be changed to suit the artifact type). This option is highly recommended because it excludes the values, which yields well-optimized Sysmon data.

