Well, if you look at the attached file in post #1 in this thread, you will see that some URL's are mistakenly identified as trojans.
And being prompted all the time for the same URL is not a good solution. Even if you set SDHelper to remember the answer, it won't work because it's not domain based, it's URL based and these URL's are random most of the time. So the blocking is done by domain and then my allow list is by URL (with query params ignored) - hmm, something doesn't sound like it was thought out well ...