Snowplow Tracker marked as malware in Google Tag Manager

I have a question concerning snowplow and Google Tag Manager. Namely, we’ve deployed
snowplow to AWS and generated a rather standard version of JS tracker. Tracker itself works
as expected but after adding it to GTM it is makred as malware. Have you experienced similar issues?
How we can resolve it?

@mkarpicz, you could try self-hosting the tracker and give it a different name: Though, it depends on how the tracker was determined to be a “malware”. If it’s based on sp.js name this approach should help.

The funny thing is that I’m using the same tracker, with a different appId in different GTM container, say X, and it works. The first time, when I’ve added this tracker to X it was also marked as malware. Then I’ve remove cookie lifetime setting and it started to work. :expressionless:

I will give a shot to self-hosted sp.js.

@ihor after self-hosting the tracker it started to work… for 12 hours and the tag was again marked as malware. Any ideas why?

@mkarpicz, this issue is browser/computer dependent and would contribute to something like ~5% of events tracked. This is true regardless of the analytics tools used and depends on the security application installed by the user. Not much you can do if that security app scans the actual code of the tracker and is designed to block/mark tracking scripts as “malware”.

@ihor tracker is installed via Google Tag Manager and GTM is marking tracker as malware. I would suppose that I’m not the only one who uses Snowplow with GTM, so the question is why this happens and how I can resolve this issue.

@mkarpicz, I found this Help page on GTM: Note you might need to contact Google team to have it resolved. I personally haven’t come across this issue before.

Can you paste the code you are using for the tag here? What other tags do you have included in the container?

I’ve deployed the tracker to a few hundred containers and I can’t say I’ve ever seen it flagged as malware.

@mike on one of the containers is nearly empty, the only nonstandard tags are from HubSpot. In the second case, there are only standard GA events tracked. The code which I use in both of them is:

<script type="text/javascript">
window.snowplow('newTracker', 'cf', '', {
  appId: "dlabspl-1",
  cookieDomain: "",
  gaCookies: true

If you remove the any triggers invoking the Snowplow tag and republish the container (to force a rescan) and then add the tag back in does the warning reappear?

Do you have Google Search console setup? And if so has the domain or site been flagged as being malware / suspicious in the past?

@mike so I’ve created new tag with exactly the same content. Remove all triggers and republished the container. After 24 hours warning do not appear. I will add now some trigger.

As to Google Search console - I do have and I don’t see that site has been flagged as malware / suspicious.

@mike right after adding a trigger it was marked as malware. :confused:

@mike @ihor I will add a flavor to this case. I’ve changed a tag to contain only no-script tracking pixel. Guess what, it was also marked as malware by GTM. It seems that the case is related to domain reputation. However, I’ve checked this domain in various tools and it is clear (even in Google tools).

Problem solved with a new domain. Yes, we bought a new domain and Snowplow works like a charm.