Hi Patrick,
The 'only scan messages in scope' is part of the passive scan config, right?
You should not be seeing any passive alerts from out of scope URLs.
Thats different from the Sites Tree. That shows all of the requests that have been proxied through ZAP.
ZAP is _very_ modular, each part has its own "job" and its own confuguration :)
If you dont want to see out of scope URLs in the ZAP desktop then you can select the "Show only URLS in scope" buttons in the Histiry and Sites Tree tabs.
If you have some other concern then please explain :)
Cheers,
Simon