Generic Detection

Threat description


Category: Malware
Type: Other
Platform: W32
Aliases: Generic.malware.[variant], Generic.[variant], gen:win32.malware.[variant], Gen:variant.[variant]


A Generic Detection of a program that has features or behavior indicative of known malicious threats, such as trojans, worms or viruses.


Automatic action

Once detected, the F-Secure security product will either automatically disinfect the suspect file or the user will be prompted to select a desired action. For more information, see the Support Community article: Automatic actions for viruses also used for suspicious items.

More scanning & removal options

More information on scanning and removal options available in your F-Secure product can be found in the Help Center.

Contact Support

For further assistance, F-Secure customers can request support online via the Request support or the Chat forms on our Home - Global site.

You may also refer to the Knowledge Base on the F-Secure Community site for more assistance.

Suspect a file is malicious?

If in doubt, or in cases where a legitimate file is suspected to contain malicious code, please send a sample to F-Secure Security Labs via the Submit A Sample (SAS) page for analysis. You may want to refer to the following Support articles for more details:

Or Contact Support for further assistance.

Suspect a False Alarm (FA)?

Occasionally, a legitimate program or file containing code sufficiently similar to a known malware signature will inadvertently trigger a False Alarm or False Positive.

If the suspect file is known to be legitimate, it may be excluded from scanning with the following instructions:

Microsoft also provides enterprise-level instructions for excluding the file in question from scanning by antivirus software:

Technical Details

A program identified by Generic Detection appears to have characteristics that resemble known malware. This may indicate the presence of a malware infection on the system, or that the suspect file itself is malicious.

Generic Detections are a type of detection used by antivirus programs to identify files with malicious characteristics. Unlike single-file detections, which identify unique files, a Generic Detection looks for broadly applicable code or behavior characteristics to evaluate a file's potential for causing harm; a single Generic Detection can therefore efficiently identify dozens, or even hundreds, of malware samples.
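The contrast between a single-file detection and a Generic Detection, and the way a Generic Detection can raise a False Alarm on a legitimate file, can be seen in the following added Python example. It is not F-Secure's code or detection logic; the byte strings, file names, pattern and verdict labels are all constructed for illustration.

```python
import hashlib
import re

# Constructed marker bytes standing in for a code routine shared by one family.
STUB_HEAD, STUB_TAIL = b"DEMO-STUB[", b"]UNPACK-LOOP"

def build(key: int, padding: bytes) -> bytes:
    """Build a constructed 'file': shared routine with one byte that varies."""
    return padding + STUB_HEAD + bytes([key]) + STUB_TAIL + padding[::-1]

# Constructed samples; none of these is real malware.
SAMPLES = {
    "variant_a.exe": build(0x11, b"AAAA"),
    "variant_b.exe": build(0x22, b"BBBBBB"),
    "variant_c.exe": build(0x7F, b"C"),
    # Legitimate file that happens to contain sufficiently similar code.
    "legit_tool.exe": build(0x00, b"vendor installer"),
    "notepad.exe": b"plain application bytes",
}

# Single-file detection: the exact hash of one known file.
KNOWN_HASHES = {hashlib.sha256(SAMPLES["variant_a.exe"]).hexdigest()}

# Generic detection: the shared routine, with a wildcard for the varying byte.
GENERIC_PATTERN = re.compile(
    re.escape(STUB_HEAD) + b"." + re.escape(STUB_TAIL), re.DOTALL
)

def scan(name: str, data: bytes, exclusions=frozenset()) -> str:
    if name in exclusions:          # file the user excluded from scanning
        return "excluded"
    if hashlib.sha256(data).hexdigest() in KNOWN_HASHES:
        return "single-file"
    if GENERIC_PATTERN.search(data):
        return "generic"
    return "clean"

def scan_all(exclusions=frozenset()) -> dict:
    return {name: scan(name, data, exclusions) for name, data in SAMPLES.items()}

if __name__ == "__main__":
    for name, verdict in scan_all().items():
        print(f"{name:16} {verdict}")
    # After the legitimate file is confirmed and excluded from scanning:
    print(scan_all({"legit_tool.exe"})["legit_tool.exe"])
```

The hash matches only the one file it was computed from, while the pattern covers every variant and also flags the legitimate file until it is excluded.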

Generic Detections can be used to identify particular types of malware, based on general physical or behavioral characteristics:

In this case, the Generic Detection identifies threats based on their actions. Alternatively, a Generic Detection can be used to identify specific groups of malware (or families) based on similarities in their code:

Crack files

Generic Detections using the name format "Generic.malware.[variant]", "Suspicious:w32/malware.[variant]!online" or similar may also occasionally detect a crack file, which is used to bypass the protection mechanisms of recently released games and other popular applications. While not strictly malicious, in some countries such files may be considered illegal. In addition, such files may be distributed bundled together with other unsolicited or outright malicious files.

Temporary Exchange Database (.EDB) files

Temporary mailbox data files that use the .EDB file extension and are stored at the 'C:\WINDOWS\SoftwareDistribution\DataStore\Logs\' location (they would typically be named 'tmp.edb' or similar) may be unintentionally detected by various security programs from time to time if they behave in a similar manner to known malware.

To exclude a file you are certain is legitimate from further scanning and detection, refer to the instructions under Suspect a False Alarm (FA)? above in the Removal section.

