Exploit.SpamDocMacro.Gen is a generic detection of specially-crafted PDF document files that download other malicious files, usually ransomware.

Security programs use generic detections that look for broad patterns of code or behavior to identify similar programs or files. If you suspect the file was incorrectly detected, go to: Removal: Suspect a file is incorrectly detected (a False Positive)?.

Automatic action

Based on the settings of your F-Secure security product, it will either move the file to the quarantine where it cannot spread or cause harm, or remove it.

Manually cleaning temporary or cache folders

In some cases, an infected file, or archive file containing infected files, is detected inside a temporary or cache folder. For instructions on dealing with such an infection, see:

Exploit Prevention

Exploits usually target vulnerabilities that are application or platform specific - that is, a particular program (or even a particular version of that program) needs to be installed on the machine in order for the exploit to work.

We recommend that any applications installed on a machine are kept updated with the latest security updates to fix any vulnerabilities present and prevent exploitation. For the latest security updates and advice, please consult the application vendor.

Suspect a file is incorrectly detected (a False Positive)?

A False Positive is when a file is incorrectly detected as harmful, usually because its code or behavior resembles known harmful programs. A False Positive will usually be fixed in a subsequent database update without any action needed on your part. If you wish, you may also:

  • Check for the latest database updates

    First check if your F-Secure security program is using the latest detection database updates, then try scanning the file again.

  • Submit a sample

    After checking, if you still believe the file is incorrectly detected, you can submit a sample of it for re-analysis.

    NOTE If the file was moved to quarantine, you need to collect the file from quarantine before you can submit it.

  • Exclude a file from further scanning

    If you are certain that the file is safe and want to continue using it, you can exclude it from further scanning by the F-Secure security product.

    Note You need administrative rights to change the settings.

For more Support


Find the latest advice in our Community.

User Guide

See the user guide for your product on the Help Center.

Contact Support

Chat with or call an expert for help.

Submit a sample

Submit a file or URL for further analysis.

Technical Details

Exploit.SpamDocMacro.Gen is a generic detection that identifies PDF document files which have been specially-crafted to contain harmful macro code.

The PDF files are typically distributed as attachments to spam email messages. If the attached file is opened, the embedded macro will run and try to exploit targeted vulnerabilities, which may be present on a device.

If the flaw is successfully exploited, the code will download additional files onto the affected machine. The downloaded files are typically ransomware.