FAQ-000370 - Code Removal and Vulnerability Persistence / Complete Code Removal

If test classes prevent the complete removal of flagged features, you should create new test classes that exclude those features. Additionally, remove the flagged features from the package and update the test classes accordingly. If complete removal isn't possible, document the issue in a false positive document with detailed explanations and screenshots to justify why the flagged features remain. This documentation can then be submitted for review.

The current answer is accurate and complete, addressing the core scenario where test class dependencies prevent complete removal of flagged security features. No security rules directly apply to this FAQ because it deals with the administrative/procedural aspects of handling test class dependencies during code removal, rather than specific security vulnerabilities or coding practices that would be detected by security scanners. The answer correctly outlines the proper procedure: attempt removal, create alternative test classes, document justification when removal isn't possible, and submit false positive documentation for review. The content is current and follows AppExchange security review best practices. No modifications to the existing points are needed - the answer maintains appropriate structure and completeness for this procedural guidance.