Third-party programs are widely used on Windows and other operating systems. But, how can you tell if a program is safe to install or not? How can you be so sure that the program file you are going to run on your system, contains no virus? As attackers use program (exe) files to inject different types of malware and viruses and attack your system, it is critical to ensure you are installing a safe program. In this guide, we will be discussing some tips to check if a file is malicious or not.
How to check if a file is malicious
Here are the ways to check a program file for virus before installing it on your PC:
- Basic steps
- Right-click the file and scan it with your security software
- Get it scanned with an Online Malware Scanner
- Check for Verified Publisher
- Verify File Integrity with Hash Value
- Use the Windows Sandbox feature.
Now, let’s check out these in detail.
1] Basic steps
A file may show the icon of a, say, Word document and display the name as, say, File.docx. But do not get fooled by the file icon, the name, or the “file extension part” you may see. First, make Windows show the file extension and only then check the file extension. If the mentioned file File.docx was a disguised malware file, don’t be surprised if its name now appears as File.docx.exe! Such disguised files have a high probability of being malicious.
Next, check it is in the location it is meant to be or not. Windows OS files are located in the System32 folder typically. If a file has a name similar to a legit Windows file but is located elsewhere, it could be a virus.
Also, open the doubtful file’s location, right-click on it select Properties, and check under the Details tab. Do you recognize its Publisher, developer, or Copyright holder?
2] Right-click the file and scan it with your security software
The next thing you can do to check a program file for viruses is to scan it with Windows built-in security feature which is Windows Defender. After downloading a program file, simply right-click on it and then use the Scan with Microsoft Defender option. It will scan the file for viruses and show you the results if there are any threats associated. Based on the report, you can completely delete the file in case it is unsafe. If it is locked, you may need to use a File Unlocker Tool first.
If you have a 3rd-party antivirus software installed, you could scan it using your context menu too. You can check the report and take a decision accordingly.
3] Get it scanned with an Online Malware Scanner
When you need a second opinion about a file that you think is malware, then online Malware scanners come in handy. And it is even better if the online scanner uses multiple antiviruses to scan a file.
Jotti Malware Scanner and Virustotal are among the best free online malware scanners to detect files and URLs for malware. They use multiple antivirus engines to analyze and scan files for malware.
Simply go to virustotal.com and from its Files tab, click on the Choose File option to upload the program file you want to check.
As you upload the file, it will start analyzing it with different antivirus engines. The scan will run for a few seconds or minutes (depending upon file size) and when it is done, you will see reports from various antivirus engines. If it is all Green, you can go on with installing the program on your PC.
But, if it shows malicious content status in Red, you should probably not install it on your system.
Furthermore, you can view basic Properties, file version information, signers, behavior tags, comments, and more details to analyze the program file.
4] Check for Verified Publisher
Always check if you are installing software from a verified publisher. It can be Microsoft or any other major and known company. If it is from a popular brand, install it. Else, I would recommend not to install it on your PC.
You can check for publisher information by right-clicking on the program file and then selecting the Properties option. In the Properties window, go to the Digital Signatures tab and check for the names of signers.
Also, make sure you download a program from its official website only. Avoid downloading files from unknown and other platforms.
Read: List of free Ransomware Decryptor Tools.
5] Verify File Integrity with Hash Value
A lot of software brands provide the hash values of their program files on their official website.
You can check this value with a File Integrity & Checksum Checker. If the hash value varies, the file is modified and there are higher chances that it contains malicious code. You can avoid installing it on your PC.
Read: How to tell if your computer has a virus?
6] Use Windows Sandbox feature
If you use Windows 10 Pro or Windows 10 Enterprise Editions, you can use the Windows Sandbox feature to check whether a program is malicious or not.
Simply run Windows Sandbox and copy and paste your program file to it. After that, run the program and analyze its behavior. If it is running smoothly, it is most probably safe. If you see suspicious behavior, then avoid installing it to your actual system. This post will whos you how to enable Windows Sandbox in Windows 10 Home
As they say, prevention is better than cure. So, before opening a suspicious file, do check if it contains any malware or not.