ZAP detected as virus by Defender in Azure


philosoph...@gmail.com

May 16, 2024, 1:26:55 PM
to ZAP User Group
It seems that ZAP 2.15.0 from GitHub gets detected - inconsistently, depending on the machines: some of them get it squelched as the download starts; others at scan time when it arrives.

Is there any particular reason why this might happen? I want to make double sure the supply chain was not compromised. A download WITHIN ZAP itself oddly did not seem to do this; I am at a loss here as to what might be the difference. (I only did the manual one because on another machine the interruption showed up in the UI as "failed"; this is the one squelched at start.)

philosoph...@gmail.com

May 16, 2024, 2:48:30 PM
to ZAP User Group
Win32/Packunwan is what it is detected as - i.e., the installer is likely suffering from guilt by association. We've seen this happen with Python-esque similar matters in our environment; it seems to me that using WiX might help (the FireGiant product, not the website thing). Of course, that's a lot of work, and perhaps just finding a way to tune the Defender engine might help. I will see what I can do here, but meanwhile I wouldn't mind thoughts from everyone on this.
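
Before deciding that a detection like the one above is a false positive, the check a practitioner wants is to confirm the downloaded installer is the one the project published. The following is an added example, not code from the thread or from the ZAP project; the file name and the expected SHA-256 value are placeholders (assumptions) that you replace with the artifact you actually downloaded and the hash published on the GitHub release page, obtained over a trusted channel.

```powershell
# Added example (not from the thread or the ZAP project): verify a manually
# downloaded ZAP installer before treating a Defender hit as a false positive.
# ASSUMPTIONS: $Installer and $ExpectedSha256 are placeholders. Take the real
# SHA-256 from the release page you downloaded from, over a trusted channel.
param(
    [string]$Installer      = "$env:USERPROFILE\Downloads\ZAP_2_15_0_windows.exe",  # assumed file name
    [string]$ExpectedSha256 = "<sha256 from the release page>"                      # placeholder
)

if (-not (Test-Path -Path $Installer)) {
    # If Defender quarantined the file at download time there is nothing to hash yet.
    Write-Warning "File not found: $Installer (was it quarantined before it landed?)"
    return
}

# 1. Integrity: does the file hash match the value the project published?
$actual = (Get-FileHash -Path $Installer -Algorithm SHA256).Hash
if ($actual -ne $ExpectedSha256) {
    Write-Warning "SHA-256 mismatch: got $actual. Do not run this file."
    return
}
Write-Host "SHA-256 matches the published value."

# 2. Authenticity: is the installer Authenticode-signed, and by whom?
#    Status 'Valid' plus an expected signer is strong evidence; 'NotSigned' just
#    means the hash check above is all you have.
$sig = Get-AuthenticodeSignature -FilePath $Installer
Write-Host ("Signature status: {0}; signer: {1}" -f $sig.Status, $sig.SignerCertificate.Subject)

# 3. What exactly did Defender flag? (Defender PowerShell module, run elevated.)
#    Resources lists the paths involved in each detection, so filter on the file name.
$leaf = Split-Path -Path $Installer -Leaf
Get-MpThreatDetection |
    Where-Object { $_.Resources -match [regex]::Escape($leaf) } |
    Select-Object DetectionID, InitialDetectionTime, ThreatID, ActionSuccess

# 4. Only after 1 and 2 check out, and only if policy allows it, scope any
#    exclusion to this one file rather than a download folder:
# Add-MpPreference -ExclusionPath $Installer
```

A matching hash plus a valid signature from the expected signer answers the supply-chain question; a matching hash alone answers it only as well as the channel the hash came from is trusted. The exclusion in step 4 is deliberately left commented out, since a folder-wide exclusion would silently whitelist the next thing that lands there.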

Simon Bennetts

May 17, 2024, 1:01:24 PM
to ZAP User Group
We have a new FAQ for this :)

I'm also trying to make contact with the Windows Defender team in order to ensure Defender does not raise false positives like these for ZAP.

Cheers,

Simon

Keith Douglas

May 17, 2024, 3:43:13 PM
to zaprox...@googlegroups.com
Thanks, Simon. We're a pretty big Azure customer so I am going to try to apply leverage on our end as well.

--
For commercial support options see https://www.zaproxy.org/support/
ZAP is supported by the Crash Override Open Source Fellowship https://crashoverride.com/open-source?zap=user

thc...@gmail.com

May 27, 2024, 3:33:58 AM
to zaprox...@googlegroups.com

Keith Douglas

May 27, 2024, 8:53:17 AM
to zaprox...@googlegroups.com
I have noticed this as well. Thanks to all involved - it is a great product, and I hate to explain to our developers "yes, really, this is a security product".

My colleagues in cyber security endpoint protection report that it is very difficult to get Microsoft to listen here, so doubly well done!
