Rejected by Google Ads: Malicious or Unwanted Software

If you're here, unfortunately your ad has been rejected by Google Ads / AdWords. This setback is far from ideal when launching a campaign, especially when Google's disapproval message is vague. This article is intended to help steer you in the right direction so you can launch your campaign and ad as soon as possible.
Google Ads Support is your best resource for a quick solution. Their Support can share exactly why an ad was rejected and can offer the steps to take for a resolution. They offer a helpful step-by-step guide on identifying causes for an ad rejection and how to get it approved. You can review their guide here.

What is malicious content or malware?

Google defines malicious content/malware as follows:
"Malware is any software or mobile application specifically designed to harm a computer, a mobile device, the software it's running, or its users. Malware exhibits malicious behaviour that can include installing software without user consent and installing harmful software such as viruses. Webmasters sometimes don't realize that their downloadable files are considered malware, so these binaries might be hosted inadvertently."
You can read more on what Google determines as malicious content and malware in their documentation, here and here.
In truth, it's pretty unlikely your landing page actually contains malware or software as described above. That said, Google's complex process for detecting malicious content or malware is entirely automated! It collects information from reputable organizations which detect malicious content and malware, then focuses the scan for such content on specific geographic locations where the most malware/malicious content is detected.
You can read more about their process for malware detection here.
As we see from Google's safe browsing overview, Google casts a very wide net to ensure only secure, safe, quality content is available. As the process is automated, mistakes do happen and "innocent" content is often caught as by-catch. When your ad/page is erroneously caught by Google Ads as malicious, the only way to have Google reconsider your ad is to connect with their Support, go through their suggestions to prove the ad rejection was in error, and then resubmit the ad for review. Unfortunately, Unbounce does not have the necessary information to confirm why Google Ads has rejected and ad or landing page.
Instruction for fixing an ad or re-submitting the ad to Google for review is found here

Possible Causes for a Disapproved Google Ad

  • Outgoing URL’s on the landing page are using http when the landing page is secure over https.
  • Images are hosted on software that Google Ads doesn’t approve.
  • There are Redirects on the landing page domain or page URL.
  • WordPress plugin(s) is deemed malicious by Google.
  • Custom scripts added to the landing page are referencing external content deemed malicious by Google.
  • You have included automatic downloads on the landing page: From Google, “Download of the software should only begin when the user has consented to the download by clicking on a clearly-labelled download button." 
  • You have included form fields that prompt the visitor to submit sensitive information: From Google, "Software must not collect sensitive information such as banking details without proper encryption."
  • Misrepresentation of the expected content, example:
    • “An ad that only contains the words "Download" or "Play" without identifying the software it advertises for.
    • A "Play" button that leads to a download.
    • An ad that mimics the look and feel of the publisher’s website and pretends to offer content (for example, a movie) but instead leads to unrelated software."

Tips for Troubleshooting Malicious or Unwanted Software

  1. Check the status of your site in Google Search Console. If you haven’t used Search Console before, enter the URL of your website and click "Add a property" to see its status. You may need to verify that you own the site.
  2. If Search Console doesn’t report any problems, your site could still have security issues that were detected by Google Ads. Consult with your webmaster or web hosting provider and use tools such as Stop Badware to investigate further. Or, download a tool to detect any malicious or unwanted software, such as Learn more about how Google identifies malicious or unwanted software.
  3. Remove any malicious or unwanted software. Google provides resources and instructions to help you fix your site through Help for Hacked Websites. If you can’t fix the ad’s destination, update the ad with a new destination that complies with this policy.
  4. Edit the ad. This will resubmit the ad and its destination for review.
    Most ads are reviewed within 1 business day, though some can take longer if they need a more complex review.
Unbounce made it easy for me to handle my issue.
Strongly DisagreeDisagreeSomewhat DisagreeUndecidedSomewhat AgreeAgreeStrongly Agree

Measuring Customer Effort Score with Nicereply