diff --git a/modules/exploits/linux/http/hadoop_unauth_exec.rb b/modules/exploits/linux/http/hadoop_unauth_exec.rb
index 40208ea6e5..4eaae0f263 100644
--- a/modules/exploits/linux/http/hadoop_unauth_exec.rb
+++ b/modules/exploits/linux/http/hadoop_unauth_exec.rb
@@ -53,7 +53,7 @@ class MetasploitModule < Msf::Exploit::Remote
     end
 
     if res && res.code == 200 && res.body.include?('application-id')
-      return CheckCode::Detected
+      return CheckCode::Appears
     end
 
     CheckCode::Safe