A new type of sophisticated detection that is being increasingly used by antivirus programs to identify programs with malicious characteristics.
Unlike more traditional detections (also known as signature-based or single-file detections), a Generic Detection does not identify a unique or individual malicious program.
Instead, a Generic Detection looks for broadly applicable code or behavior characteristics that mark a file as potentially malicious, so that a single Generic Detection can efficiently identify dozens, or even hundreds, of malicious programs.
Generic Detection Names
Generic Detections are named in a different manner from normal signatures, as they are used to indicate group features, rather than those of specific variants. For example, the Generic Detection name:
Indicates that this is a Generic Detection for variants of the Mebroot trojan-downloader family and that it covers a particular 'set' of characteristics designated as B.
More formally known as potentially unwanted programs (PuPs), ‘greyware’ is a general term used to describe applications which pose a potential risk to the user’s system or data, but are less harmful than malware.
The term is generally used to cover programs such as dialers, adware, joke programs and other such files that may negatively impact the user or the computer system’s performance.
Categorization of a program as greyware is by nature highly context-sensitive, as it involves the user's own preferences and behavioral patterns, as well as issues of legal/ethical usage.