How to fix the Ads Disapproved due to malicious or unwanted software in Google Ads

Published at May 13, 2022

How to fix the Ads Disapproved due to malicious or unwanted software in Google Ads

How to fix the Ads Disapproved due to malicious or unwanted software in Google Ads

Malicious software or “malware” that may harm or gain unauthorized access to a computer, device, or network

Below are some examples

Examples (non-exhaustive): Computer viruses, ransomware, worms, trojan horses, rootkits, keyloggers, dialers, spyware, rogue security software, and other malicious programs or apps


Examples (non-exhaustive): Failure to be transparent about the functionality that the software provides or the full implications of installing the software; failing to include Terms of Service or an End User License Agreement; bundling software or applications without the user’s knowledge; making system changes without the user’s consent; making it difficult for users to disable or uninstall the software; failing to properly use publicly available Google APIs when interacting with Google services or products

The error might be caused by the following scenarios

Malicious advertising: You are using any script/code which is showing an advertisement on your website (like Adsense or similar) or any script that can show two different things on the same spot/page to two different visitors that open the same landing page from two different locations. It might be possible that your website is hacked and some potential script is hidden in server pop-ups or advertising.

Poor code or outdated script. Any poorly coded or outdated script might compromise the security of visitors visiting your website or steal any data by injecting something.

There might be some piece of code that is false-positive but actually not malicious code. Some examples are pop-ups on the landing page for subscriptions or fly-out in the lower right or left corner or something similar activity on the website.

Your website has some download buttons/links for some file/report/book/music/software with some strange file extension that is flagged by some browser as malicious.

Your website may be flagged by any antivirus software running on any visitor’s computer. Most antivirus companies have their own online database for malicious websites or websites lacking basic security. Your website might be in that database.

It might result from using some nulled plugin/theme/code/script from an unknown source. It might be possible that you are using some outdated plugin/theme/script that might be used by some hacker to hack your website by exploiting the vulnerability of that plugin/theme/script/code.

You are using any content management system (CMS like WordPress, Joomla, Shopify) plugin(s) or script code that is deemed malicious by Google or any other company.

Custom scripts added to the landing page are referencing external content deemed malicious by Google.

You might be loading the content from another website by using some script/plugin.

Sometimes, a browser will automatically search for a favicon on your landing page. A favicon is an icon image or tab icon that’s associated with your website. If your browser does not detect a favicon installed on your page, this can return a 404 error within the browser console, and Google Ads may flag this 404 as malicious.

You have included automatic downloads on the landing page. According to Google’s Unwanted Software Policy, “download of [a] software should only begin when the user has consented to the download by clicking on a clearly-labeled download button.”


Scan your website with

*It would be best to scan your site will all of them.

If the site scan[s] returns positive results, you will have to manually find and replace the corrupted files and/or malicious software.
After you have completed that task you will have to clear the cache and start the scan again.
If the site scan[s] still shows corrupted files and/or malicious software, then you will have to restore your website to a previous version. Then you will have to re-scan the website.

If the site scan[s] doesn’t show corrupted files and/or malicious software but your ad destinations are getting flagged, then you will have to contact Google Ads support.
It would be best to provide some documentation of the negative scans.

Top posts in Google Ads

How to audit Google Ads campaigns

How to audit Performance Max campaigns

How to audit Search campaigns

My socials

mail icon

mail icon

mail icon

mail icon

mail icon

mail icon

PPC Panos © 2024