Update defender-vulnerability-management-faq.md

Author: denisebmsft

defender-vulnerability-management/defender-vulnerability-management-faq.md

@@ -14,7 +14,7 @@ ms.collection:
 - Tier1
 ms.topic: conceptual
 search.appverid: met150
-ms.date: 02/08/2025
+ms.date: 05/02/2025
 ---
 
 # Microsoft Defender Vulnerability Management frequently asked questions
@@ -118,6 +118,18 @@ Currently Windows is supported, but coverage will be expanded to more operating
 
 For details on the full list of capabilities across Microsoft Defender Vulnerability Management and Defender for Endpoint, see [Defender Vulnerability Management Capabilities](defender-vulnerability-management-capabilities.md).
 
+### What happens to CVEs that are marked as "won't fix"?
+
+Defender Vulnerability Management currently filters out CVEs marked as "Won't Fix", particularly on Linux platforms, from vulnerability recommendations and security score calculations. This design choice was implemented to reduce noise from non-actionable issues and improve signal-to-noise ratio for security teams.
+
+Certain Linux distributions, such as RHEL, include large numbers of CVEs labeled as "Won't Fix" due to platform-specific or architectural decisions. These CVEs were previously displayed in the Microsoft Defender portal, but they caused confusion and inflated the recommendations list and exposure score. As a result, these were intentionally removed following internal review and Data Subject Rights (DSR) requests.
+
+Current Behavior:
+
+- "Won't Fix" CVEs are not shown in the MDVM portal.
+- These CVEs are excluded from vulnerability recommendations and scoring.
+- There is no current workaround to view them in the product experience.
+
 ### Can customers buy only one capability?
 
 Microsoft Defender Vulnerability Management is available as a vulnerability management solution comprised of multiple premium capabilities.