Support

You can neither select all files as safe nor do you have to go through all 780 pages. You only need to mark files with a non-zero threat score as safe. You will see that this is just 3-4 pages. Just sort the results list by threat score descending :)

You are 99% there but not entirely correct.

Yes, you should run an initial scan and start marking files as safe, exactly as you have been doing. With one small change: instead of trying to mark all .php files as safe you should only do that for the files with a non-zero threat score.

The files with a zero threat score don't need to be marked as safe, they are implicitly safe (zero threat score). You will only see these zero threat score files popping up in a future report only if their content changes (modified). This will happen regardless of the Mark As Safe flag: when a file's contents change it's marked as Modified and it gets reported. That's why I'm telling you that marking zero threat score files as safe is wasted time. You just bloat the database and waste your time for no reason :)

So, after marking the non-zero threat score files as safe you can of course be on the lookout for modified files. Better yet, run the scanner before updating extensions (or Joomla itself) and again right after. Any files marked as changed on the file scan before need to be manually reviewed. Any files marked as suspicious on the file scan after can be marked as safe. Any files marked as changed on the scan right after can be ignored (you just installed them, that's why they are marked as changed).