I saw this entries in the log file you sent me last week.
As you can see, those entries refer to _utmz requests, that is a field of the cookies that Google Analitycs stores in our site. You may see also entries refered to _utma, _utmb or _utmc, that also are fields of this cookies.
Since 2.4.0 version the rules duplicate backslashes and backslashes added are not mandatory, so this requests will not be blocked, although the rules will be applied and you will see an entry in your logs.
The SQL Injection filter has a main rule: SQL pattern. This rule should detect almost any sql injection attempt. All the other rules are secondary and will detect other patterns that may be used in an sql injetion attack but it can't be detected by the main rule. I'm thinking the way to reduce the amount of false positives; maybe in the next version I will include some changes about this.
One thing more: now you can upload files. Forum settings only allowed to attach images...