Threat Description

Generic Detection


Aliases: Generic.malware.[variant], Generic.[variant], gen:win32.malware.[variant], Gen:variant.[variant]
Category: Malware
Type: Other
Platform: W32


A program with features or behaviors indicative of known malicious threats, such as trojans, worms or viruses.


Automatic action

Once detected, the F-Secure security product will either automatically disinfect the suspect file or the user will be prompted to select a desired action. For more information, see the Support Community article: Automatic actions for viruses also used for suspicious items.

Suspect a file is malicious?

If in doubt, or in cases where a legitimate file is suspected to contain malicious code, please send a sample to F-Secure Security Labs via the Sample Analysis System (SAS) for analysis. You may want to refer to the following Support articles for more details:

Or Contact Support for further assistance.

Possible False Alarms (FAs)

Occasionally, a legitimate program or file containing code sufficiently similar to a known malware signature will inadvertently trigger a False Alarm or False Positive.

For example, 'tmp.edb' and other '.edb' files stored at the location 'C:\WINDOWS\SoftwareDistribution\DataStore\Logs\' may be unintentionally detected as malicious by various security programs.

If the suspect file is known to be legitimate, it may be excluded from scanning with the following instructions:

Microsoft also provides enterprise-level instructions for excluding the file in question from scanning by antivirus software:


More information on scanning or removal options is available in the documentation for your F-Secure Mobile Security product on the Downloads section of our Home - Global site.

You may also refer to the Knowledge Base on the F-Secure Community site for more assistance.

Technical Details

A program identified by Generic Detection appears to have characteristics that resemble known malware. This may indicate the presence of a malware infection on the system, or that the suspect file itself is malicious.

Generic Detections are a type of detection used by antivirus programs to identify files with malicious characteristics. Unlike single-file detections, which identify unique files, a Generic Detection looks for broadly applicable code or behavior characteristics to evaluate a file's potential for causing harm; a single Generic Detection can therefore efficiently identify dozens, or even hundreds, of malware files.
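The contrast between single-file and generic detection, and the false alarm and exclusion described under "Possible False Alarms (FAs)", shown as an added example (a simplified illustration, not F-Secure's engine or code from this page). The sample bytes, file names and the pattern are all constructed for the demonstration.

```python
import hashlib
import re

# Constructed sample data: no real malware bytes. Three "variants" share a
# code fragment; one benign file happens to contain a similar sequence.
CORE = b"\x55\x8b\xec" + b"DEMO-FAMILY-LOADER" + b"\xc3"
SAMPLES = {
    "variant_a.bin": b"\x00" * 8 + CORE + b"cfg=1",
    "variant_b.bin": b"\x90" * 3 + CORE + b"cfg=2;extra",
    "variant_c.bin": CORE.replace(b"LOADER", b"L0ADER") + b"cfg=3",
    "legit_tool.bin": b"hdr" + b"\x55\x8b\xec" + b"DEMO-FAMILY-LOGGER" + b"\xc3",
    "notes.txt": b"plain text, nothing of interest",
}

# Single-file detection: exact hash of one known file (variant_a only).
KNOWN_HASHES = {hashlib.sha256(SAMPLES["variant_a.bin"]).hexdigest()}

# Generic detection: a byte pattern with a wildcard region, so files that
# share the fragment match even when other bytes differ.
GENERIC_SIG = re.compile(rb"\x55\x8b\xecDEMO-FAMILY-L.{5}\xc3", re.DOTALL)


def single_file_hits(samples):
    """Names of files whose SHA-256 is in the known-hash set."""
    return sorted(name for name, data in samples.items()
                  if hashlib.sha256(data).hexdigest() in KNOWN_HASHES)


def generic_hits(samples, exclusions=frozenset()):
    """Names of files matching the generic pattern, minus excluded names."""
    return sorted(name for name, data in samples.items()
                  if name not in exclusions and GENERIC_SIG.search(data))


if __name__ == "__main__":
    print("single-file:", single_file_hits(SAMPLES))
    print("generic:", generic_hits(SAMPLES))
    print("generic, with exclusion:", generic_hits(SAMPLES, {"legit_tool.bin"}))
```

The hash set catches only the one file it was built from, while the pattern catches all three variants and also the benign file, which is the false alarm that an exclusion then suppresses.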

Generic Detections can be used to identify particular types of malware, based on general physical or behavioral characteristics:

In this case, the Generic Detection identifies threats based on their actions. Alternatively, a Generic Detection can be used to identify specific groups of malware (or families) based on similarities in their code:

Crack files

Generic Detections using the name format "Generic.malware.[variant]", "Suspicious:w32/malware.[variant]!online" or similar may also occasionally detect a crack file, which is used to bypass the protection mechanisms of recently released games and other popular applications. While not strictly malicious, in some countries such files may be considered illegal. In addition, such files may be distributed bundled together with other unsolicited or outright malicious files.

