Heh, that’s really weird. If you site itself is clean and koko-analytics-collect.php has the correct file content (see here), then yeah, this is surely a false positive.
Perhaps they think that the way Koko Analytics collect its statistics is suspicious, although I fail to see how it’s any different from the tracking endpoints used by other analytics solutions out there.
The stated reason is especially weird “SVG.Metamorph.Gen.1”. I did a quick search around the internet and it seems to be targeting attacks like this, but Koko Analytics is doing nothing that even remotely looks like that.
I am going to report your website to BitDefender as a false positive so they can take a closer look at this and hopefully remove it from their detection algorithm: https://www.bitdefender.com/consumer/support/answer/29358/
Best,
Danny