ZAP Downloads
As of April 2025 browsers appear to be flagging the ZAP downloads as potentially dangerous.
This appears to be the ‘fault’ of the Google SafeBrowsing service.
Exactly why ZAP has been flagged in this way is unclear, but to date we have not been able to convince anyone to change this. The recommendation in the above issue (“host your own downloads”) are not a practical option for us.
Anti Virus Tools
We know that many Antivirus (AV) tools flag ZAP and some of the ZAP add-ons.
For example the ZAP 2.15 Windows installer was flagged by 3 / 63 security vendors.
In particular the Active Scan Rule add-on is often flagged: v65 was flagged by 10 / 63 security vendors.
Detecting viruses is hard, especially as viruses try to disguise themselves. This means that AV tools try to detect potentially malicious activity or code.
ZAP is a security tool which “does bad things”.
The Active Scan Rule add-on contains the rules which attack websites, so it is not surprising that make AV tools flag it.
Any issues raised about ZAP or its add-ons being flagged by AV tools will be closed with a link to this FAQ.
If you work for an AV tool vendor and would like to discuss how you can make sure your tool does not incorrectly flag ZAP then please get in touch.