My head is literally spinning with all of the security that is going round off late. Everyone is on the security band wagon and seems to be speaking in urgent conflicting voices. Like a Tower of Babylon security with plenty of conflicts and false positives.
For example, I find that browsers are now encroaching in the areas of anti-virus, and the more “expert” they are getting, the greater possibility of conflict with anti-virus software. Conversely, anti-virus software is trying to get into browser security, opening up plenty of room for conflict with internet browsing. I have Kaspersky anti-virus installed for its expertise as a virus specialist, however with the last two installations had to turn off its URL advisor, as it was interfering with my browser experience. Windows is also trying to get into the security game with security updates that aren’t always confined to Windows. I’ve noticed Windows updates for scanning one’s computer for exploits, and can only imagine if I allowed it to be installed that it would go into conflict with my browser and anti-virus software.
A common problem with addon domains is when one domain is placed in the subdirectory of another domain. In such case, the .htaccess of the top domain is applied for the nested site as well. This results in server errors for non-existing URLs as it assumes that WordPress handles it while your empty site doesn’t have installed WordPress. In such cases we report server errors on non-existing URLs. We do it, because a working site should not generate any server errors, and such errors may mean that something modified the site and broke it – typical for buggy malware. Even if it’s not malware, the site owner is interested in detecting and fixing such errors. Once they are fixed, SiteCheck will stop flagging those URLs. Of course, I don’t know what exactly was flagged in your case – just describing a common scenario.
And by the way, domain inside another domain’s directory is a very problematic setup. It make the site isolation problem even worst, as the nested site can be accessed via the upper site domain, thus bypassing security rules that work at the nested site level. (just for your information in case you use such a setup).
At this stage of the security game I think the best security is one of common sense. Being able to develop one’s own Security BS Detector to filter the best of what is available in all of the security offerings, and to disable that which may create conflicts.