The Windows Club

TheWindowsClub covers authentic Windows 11, Windows 10 tips, tutorials, how-to's, features, freeware. Created by Anand Khanse, MVP.

How to check if a File is malicious or not on Windows 11/10

Download Windows Speedup Tool to fix errors and make PC run faster

Third-party programs are widely used on Windows and other operating systems. But how can you tell if a program is safe to install or not? How can you be so sure that the program file you are going to run on your system contains no virus? As attackers use program (exe) files to inject different types of malware and viruses and attack your system, it is critical to ensure you are installing a safe program. In this guide, we will be discussing some tips to check if a file is malicious or not.

Check if a program file is malicious before installation

How to check if a file is malicious

Here are the ways to check a program file for viruses before installing it on your PC:

  1. Basic steps
  2. Right-click the file and scan it with your security software
  3. Get it scanned with an Online Malware Scanner
  4. Check for Verified Publisher
  5. Verify File Integrity with Hash Value
  6. Use the Windows Sandbox feature.

Now, let’s check out these in detail.

1] Basic steps

A file may show the icon of a, say, Word document and display the name as, say, File.docx. But do not get fooled by the file icon, the name, or the “file extension part” you may see. First, make Windows show the file extension and only then check the file extension. If the mentioned file File.docx was a disguised malware file, don’t be surprised if its name now appears as File.docx.exe! Such disguised files have a high probability of being malicious.

Next, check it is in the location it is meant to be or not. Windows OS files are located in the System32 folder typically. If a file has a name similar to a legit Windows file but is located elsewhere, it could be a virus.

Also, open the doubtful file’s location, right-click on it select Properties, and check under the Details tab. Do you recognize its Publisher, developer, or Copyright holder?

Read: Check if a Website or URL is safe using Online URL Scanners.

2] Right-click the file and scan it with your security software

The next thing you can do to check a program file for viruses is to scan it with Windows’ built-in security feature, which is Windows Defender. After downloading a program file, simply right-click on it and then use the Scan with Microsoft Defender option. It will scan the file for viruses and show you the results if there are any threats associated. Based on the report, you can completely delete the file in case it is unsafe. If it is locked, you may need to use a File Unlocker Tool first.

If you have a 3rd-party antivirus software installed, you could scan it using your context menu too. You can check the report and make a decision accordingly.

Read: Precautions required to protect your Windows computer.

3] Get it scanned with an Online Malware Scanner

When you need a second opinion about a file that you think is malware, then online Malware scanners come in handy. And it is even better if the online scanner uses multiple antiviruses to scan a file.

Jotti Malware Scanner and Virustotal are among the best free online malware scanners to detect files and URLs for malware. They use multiple antivirus engines to analyze and scan files for malware.

Simply go to virustotal.com, and from its Files tab, click on the Choose File option to upload the program file you want to check.

As you upload the file, it will start analyzing it with different antivirus engines. The scan will run for a few seconds or minutes (depending on file size), and when it is done, you will see reports from various antivirus engines. If it is all Green, you can go on with installing the program on your PC.

But, if it shows malicious content status in Red, you should probably not install it on your system.

Furthermore, you can view basic Properties, file version information, signers, behavior tags, comments, and more details to analyze the program file.

Read: Test if Antivirus is working or not.

4] Check for Verified Publisher

Always check if you are installing software from a verified publisher. It can be Microsoft or any other major and known company. If it is from a popular brand, install it. Otherwise, I would recommend not to install it on your PC.

You can check for publisher information by right-clicking on the program file and then selecting the Properties option. In the Properties window, go to the Digital Signatures tab and check for the names of signers.

Also, make sure you download a program from its official website only. Avoid downloading files from unknown and other platforms.

Read: List of free Ransomware Decryptor Tools.

5] Verify File Integrity with Hash Value

A lot of software brands provide the hash values of their program files on their official website.

You can check this value with a File Integrity & Checksum Checker. If the hash value varies, the file is modified, and there are higher chances that it contains malicious code. You can avoid installing it on your PC.

Read: How to tell if your computer has a virus?

6] Use Windows Sandbox feature

If you use Windows 11/10 Pro or Windows 11/10 Enterprise Editions, you can use the Windows Sandbox feature to check whether a program is malicious or not.

Simply run Windows Sandbox and copy and paste your program file to it. After that, run the program and analyze its behavior. If it is running smoothly, it is most probably safe. If you see suspicious behavior, then avoid installing it on your actual system. This post will show you how to enable Windows Sandbox in Windows Home.

How do I know if a file has malware?

How to view file certificate

There are several ways to check if a file has malware or not. You can check its certificate. If the file has a certificate from a genuine source, the file does not have malware. To do so, right-click on the file and select Properties. Now, go to the Digital Signatures tab and then see the Name of Signer. For example, in the above screenshot, msedgewebview2 has a certificate from Microsoft Corporation. Therefore, it is a genuine file.

Alternatively, if you have antimalware software, you can use it to scan the file. In this article, we have described some effective ways to check whether or not a file is infectious.

Read: What is False Negative or False Positive in Cyber Security?

How do I check if a file is safe?

There are many online virus scanners that let you scan your files for viruses, malware, and other security threats. These platforms have a limit to scanning files for free. Alternatively, you can also check a file certificate in its Properties. If you have antivirus software, you can also use it to scan files for viruses. However, antivirus software automatically scans the files you download from the internet and alerts you if a threat is detected.

Related: How to check if a Website is safe using Online URL Scanners, etc.

How do I scan for malicious files?

You can use your antivirus or antimalware software to scan for malicious files. Windows Defender is an excellent antivirus that is available for free for all Windows users. If you do not have a third-party antivirus, you can scan your files either with Windows Defender or with free online virus scanner platforms.

ReadHow to remove virus from Windows.

As they say, prevention is better than cure. So, before opening a suspicious file, do check if it contains any malware or not.

AnandK@TWC

Anand Khanse is the Admin of TheWindowsClub.com, a 10-year Microsoft MVP (2006-16) & a Windows Insider MVP (2016-2022). Please read the entire post & the comments first, create a System Restore Point before making any changes to your system & be careful about any 3rd-party offers while installing freeware.

Reader Interactions

Leave a Reply

Your email address will not be published. Required fields are marked *