A Generic Detection for programs with features or behaviors indicative of known malicious threats, such as trojans, worms or viruses.
Allow F-Secure Anti-Virus to disinfect the relevant files.
For more general information on disinfection, please see Removal Instructions.
A detection name that uses the format "Generic.malware.[variant]", or similar, is a Generic Detection that is triggered if the suspect file appears to be suspicious, potentially undesirable, or has characteristics that resemble known malware. This may indicate the presence of a malware infection, or that the suspect file is malicious.
Once found, either the suspect file will be automatically disinfected or the user will be prompted to select a desired action.
Possible False Alarms (FAs)
Occasionally, a legitimate program or file containing code sufficiently similar to a known malware signature will inadvertently trigger a false alarm.
For example, 'tmp.edb' and other '.edb' files stored at the location 'C:\WINDOWS\SoftwareDistribution\DataStore\Logs\' may be unintentionally detected as malicious by various security programs.
If the suspect file is known to be legitimate, it may be excluded from scanning with the following instructions:
Microsoft also provides enterprise-level instructions for excluding the file in question from scanning by antivirus software:
- Microsoft Support KB 822158: Virus scanning recommendations for Enterprise computers that are running currently supported versions of Windows
If in doubt, or in cases where a legitimate file is suspected to contain malicious code, please send a sample to F-Secure Security Labs via the Sample Analysis System (SAS) for analysis. You may want to refer to the following Support articles for more details:
- Support Community Article 11667: Submitting a false positive or false negative
- Support Community Article 15587: Recovering quarantined items from the quarantine folder manually
- Support Community Article 21760: Action on files that cannot be disinfected
Or Contact Support for further assistance.
About Generic Detections
Generic Detections are a type of sophisticated detection used by antivirus programs to identify files with malicious characteristics.
Unlike more traditional detections (also known as signatures or single-file detections), a Generic Detection does not identify a unique or individual malicious program. Instead, a Generic Detection looks for broadly applicable code or behavior characteristics that mark a file as potentially malicious, so that a single Generic Detection can efficiently identify dozens, or even hundreds, of malicious programs.
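The contrast described above between a single-file signature and a Generic Detection, as an added example that is not F-Secure's code or detection logic: the TRAIT-* markers, weights, threshold, the name Trojan.Example.A and the sample byte strings are all constructed for illustration. It also shows a legitimate file with enough shared characteristics raising a false alarm, and a path exclusion suppressing it.

```python
import hashlib

# Constructed, harmless byte strings standing in for files. The TRAIT-* markers
# are invented placeholders for code characteristics, not real malware patterns.
KNOWN_SAMPLE = b"hdr|TRAIT-SELFCOPY|TRAIT-AUTOSTART|TRAIT-BEACON|build=1"
VARIANT = b"hdr|TRAIT-SELFCOPY|pad|TRAIT-AUTOSTART|TRAIT-BEACON|build=2"
LEGIT_FILE = b"hdr|TRAIT-SELFCOPY|TRAIT-AUTOSTART|update-store"
PLAIN_DOC = b"hdr|quarterly report text"
EXCLUDED_DIR = "C:\\WINDOWS\\SoftwareDistribution\\DataStore\\Logs\\"

# Single-file detection: exact hash of one known sample (hypothetical name).
SIGNATURES = {hashlib.sha256(KNOWN_SAMPLE).hexdigest(): "Trojan.Example.A"}

# Generic detection: weighted characteristics and a threshold (assumed values).
TRAITS = {b"TRAIT-SELFCOPY": 2, b"TRAIT-AUTOSTART": 2, b"TRAIT-BEACON": 3}
THRESHOLD = 4

def signature_detect(data):
    """Return the signature name on an exact hash match, else None."""
    return SIGNATURES.get(hashlib.sha256(data).hexdigest())

def generic_detect(data, path="", exclusions=()):
    """Return (verdict, score, matched traits); excluded paths are not scanned."""
    norm = path.replace("/", "\\").lower()
    if any(norm.startswith(e.lower()) for e in exclusions):
        return ("excluded", 0, [])
    hits = [t for t in TRAITS if t in data]
    score = sum(TRAITS[t] for t in hits)
    verdict = "Generic.malware.[variant]" if score >= THRESHOLD else "clean"
    return (verdict, score, [t.decode() for t in hits])

if __name__ == "__main__":
    samples = {"known": KNOWN_SAMPLE, "variant": VARIANT,
               "legit": LEGIT_FILE, "doc": PLAIN_DOC}
    for name, data in samples.items():
        print(name, signature_detect(data), generic_detect(data))
    edb = EXCLUDED_DIR + "tmp.edb"
    print("legit, excluded:", generic_detect(LEGIT_FILE, edb, [EXCLUDED_DIR]))
```

A path exclusion skips every file under that prefix, so it is a blind spot as well as a false-alarm fix; keep exclusions as narrow as the legitimate file requires.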
Generic Detections can be used to identify particular types of malware, based on general physical or behavioral characteristics:
In this case, the Generic Detection does not generally specify which family the malware belongs to.
Alternatively, a Generic Detection can be targeted to identify particular malware families, based on familial similarities: