Cybercriminals commonly use malicious EXE files to spread malware, ransomware, or spyware. That’s why you should be able to recognize and avoid potentially harmful files to safeguard your device from infection. If you suspect a file might be unsafe, there are several ways to check it before using it.
1 Check the File Name, Extension, Size, and Source
Examining key attributes of a file can help you identify potentially malicious EXE files. Start by checking the file name and extension. If the file has a generic name like “install.exe” or “update.exe” rather than the expected name, or if it uses double extensions (e.g., “file.pdf.exe”), it could be a red flag.
File size can also be an indicator. Files that are unusually small or excessively large compared to the typical size of the expected program may be malicious. To reduce the risk of infection, always download files from official sources and avoid executables received through unsolicited emails or social media links.
2 Run the File Through Antivirus Software
If you try to open or download an EXE file and your antivirus software issues a warning, take it seriously. Rather than proceeding right away, run a file-specific scan using Microsoft Defender. If you’re using third-party antivirus software, right-click the file and select the option to scan it with your installed program.
If the scan flags the file as suspicious or malicious, delete it immediately to protect your system. Never run a questionable file “just to see” if it’s safe; this could lead to data theft, malware, and other security issues. Also, keep your antivirus software enabled to receive instant alerts if any potentially harmful files enter your computer.
While Windows Defender usually detects threats and alerts you automatically, I prefer to install a third-party antivirus on my system for added protection.
3 Analyze the File Using VirusTotal
If you want to check if an executable file is malicious without downloading it, try using VirusTotal. This online tool scans files and URLs using multiple antivirus engines and databases to provide a detailed report of potential threats. This can prevent you from even downloading a potentially malicious EXE file.
To use this tool:
- Head to VirusTotal.
- Select the URL tab, paste the URL where the file is hosted, and press Enter. VirusTotal will then display results from numerous antivirus engines.
If it detects threats, avoid downloading the file. If you’ve already downloaded it, you can also upload the file directly to VirusTotal to scan for infections.
4 Inspect the Digital Signature
You can also verify an EXE file’s authenticity by checking its digital signature. This is essentially a “seal of approval” from the software’s publisher, confirming that the file hasn’t been altered since it was signed. Exercise caution if the file lacks a digital signature or lists an unexpected publisher.
To view the digital signature:
- Right-click the EXE file and select Properties.
- Go to the Digital Signatures tab. Select the signature, click Details, then View Certificate to check the issuer.
If it shows a trusted publisher, go to the Certification Path tab to confirm that it states, “This certificate is OK.”
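The same signature check can be scripted in PowerShell. The following is an added example, not part of the original article; the function name `Test-ExeSignature`, the file path, and the publisher name are placeholders chosen for illustration.

```powershell
# Added example: scripted version of the Digital Signatures check described above.
function Test-ExeSignature {
    param(
        [Parameter(Mandatory)] [string] $Path,
        # Publisher name you expect to see on the certificate (you supply this)
        [Parameter(Mandatory)] [string] $ExpectedPublisher
    )

    $sig  = Get-AuthenticodeSignature -LiteralPath $Path
    $cert = $sig.SignerCertificate

    # Common name (CN) of the signing certificate, i.e. the publisher
    $publisher = if ($cert) {
        $cert.GetNameInfo([System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName, $false)
    } else { $null }

    # Map the signature status to the cases the article describes
    $verdict = switch ($sig.Status) {
        'NotSigned'    { 'CAUTION: file has no digital signature'; break }
        'HashMismatch' { 'REJECT: file was altered after it was signed'; break }
        'Valid' {
            if ($publisher -eq $ExpectedPublisher) { 'OK: valid signature from the expected publisher' }
            else { "CAUTION: valid signature, but unexpected publisher '$publisher'" }
            break
        }
        default        { "CAUTION: signature not trusted ($($sig.StatusMessage))" }
    }

    [pscustomobject]@{
        File      = $Path
        Status    = $sig.Status
        Publisher = $publisher
        Issuer    = if ($cert) { $cert.Issuer } else { $null }
        Expires   = if ($cert) { $cert.NotAfter } else { $null }
        Verdict   = $verdict
    }
}

# Placeholder path and publisher name; replace with your own values
Test-ExeSignature -Path "$env:USERPROFILE\Downloads\setup.exe" -ExpectedPublisher 'Example Software Ltd'
```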
5 Ensure Windows SmartScreen Protection Is Switched On
Windows SmartScreen is an integrated security feature that checks files and applications against a threat database, alerting you to potential risks when dealing with suspicious files or applications on your computer. While this is typically enabled by default on Windows 10/11, you must double-check that the SmartScreen filters are enabled.
To verify SmartScreen is enabled:
- Right-click the Start button and open Settings.
- Then, navigate to Privacy & Security > Windows Security > App & browser control, and click on Reputation-based protection settings.
- Ensure all four filters are turned on, especially the Check apps and files filter.
That’s how you can identify a malicious EXE file. If you stick to official sources and follow the steps above, you can easily spot suspicious files and help keep your computer safe.