How to recognize and avoid malicious EXE files in Windows
Cybercriminals commonly use malicious EXE files to spread malware, ransomware, or spyware. Therefore, you should be able to recognize and avoid potentially harmful files to protect your device from infection. If you suspect that a file may be dangerous, there are several ways to check it before using it.
1 Check File Name, Extension, Size and Source
Examining key file attributes can help you identify potentially malicious EXE files. Start by checking the file name and extension. If the file has a generic name like “install.exe” or “update.exe” instead of the expected name, or if it uses a double extension (e.g. “file.pdf.exe”), this can be a red flag.
The file size can also be an indicator. Files that are unusually small or excessively large compared to the typical expected size of a program may be malicious. To reduce the risk of infection, always download files from official sources and avoid executable files received through spam emails or social media links.
2 Run the file through your antivirus software
If you try to open or download an EXE file and your antivirus software displays a warning, take it seriously. Instead of proceeding immediately, run a scan of that specific file with Microsoft Defender. If you are using third-party antivirus software, right-click the file and select the option to scan it with the installed program.
If the scan flags a file as suspicious or malicious, remove it immediately to protect your system. Never run a questionable file “just to see” if it’s safe; this can lead to data theft, malware and other security issues. Also, keep your antivirus software turned on so that you receive instant alerts if any potentially harmful files enter your computer.
While Windows Defender usually detects threats and alerts you automatically, I prefer to install a third-party antivirus program on my system to increase protection.
3 Analyze the file with VirusTotal
If you want to check if an executable file is malicious without downloading it, try using VirusTotal. This online tool scans files and URLs using several antivirus engines and databases and provides detailed reports on potential threats. This can also prevent you from downloading a potentially harmful EXE file.
To use this tool:
- Go to VirusTotal.
- Select the URL tab, paste the URL where the file is hosted, and press Enter. VirusTotal will then display results from many antivirus engines.
If it detects threats, avoid downloading the file. If you’ve already downloaded it, you can also upload it directly to VirusTotal to scan for infections.
4 Check the digital signature
You can also verify the authenticity of the EXE file by checking its digital signature. This is essentially a “seal of approval” from the software publisher confirming that the file has not been modified since it was signed. If the file lacks a digital signature or contains an unexpected publisher, you need to be careful.
To view a digital signature:
- Right-click the EXE file and select Properties.
- Go to the Digital Signatures tab, select a signature, click Details, then View Certificate to verify the publisher.
If it shows a trusted publisher, go to the Certification Path tab and confirm that it says “This certificate is OK”.
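The name, extension, size and signature checks from sections 1 and 4 can also be scripted in PowerShell, so the file is inspected without ever being run. This is an added example, not part of the original article; the function name `Test-SuspiciousExe`, the lists of generic names and document extensions, and the default publisher string are assumptions to adapt.

```powershell
# Added example: inspect one file without executing it.
function Test-SuspiciousExe {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [string] $ExpectedPublisher = 'Example Software Ltd'   # hypothetical publisher name
    )

    $file = Get-Item -LiteralPath $Path -ErrorAction Stop
    $findings = [System.Collections.Generic.List[string]]::new()

    # Section 1: double extension such as "file.pdf.exe", and generic names.
    $docExtensions = '.pdf', '.doc', '.docx', '.xls', '.xlsx', '.jpg', '.png', '.txt', '.zip'
    $innerExt = [System.IO.Path]::GetExtension($file.BaseName)
    if ($file.Extension -eq '.exe' -and $docExtensions -contains $innerExt) {
        $findings.Add("Double extension: $innerExt$($file.Extension)")
    }
    if ($file.Name -in 'install.exe', 'update.exe', 'setup.exe') {
        $findings.Add("Generic file name: $($file.Name)")
    }

    # Section 4: Authenticode signature. 'NotSigned' is the missing signature
    # the article mentions; 'HashMismatch' means the file changed after signing.
    $sig = Get-AuthenticodeSignature -LiteralPath $file.FullName
    if ($sig.Status -ne 'Valid') {
        $findings.Add("Signature status: $($sig.Status)")
    } elseif ($sig.SignerCertificate.Subject -notlike "*$ExpectedPublisher*") {
        $findings.Add("Unexpected publisher: $($sig.SignerCertificate.Subject)")
    }

    # Size is reported for manual comparison with the vendor's published size.
    [pscustomobject]@{
        File      = $file.Name
        SizeBytes = $file.Length
        Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
        SHA256    = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
        Findings  = $findings
    }
}

# Sample call against a file that ships with Windows.
Test-SuspiciousExe -Path "$env:WINDIR\System32\notepad.exe" -ExpectedPublisher 'Microsoft Corporation'
```

The SHA256 value in the result can be pasted into VirusTotal's search box to look up an existing report for that exact file instead of uploading it.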
5 Make sure Windows SmartScreen protection is turned on
Windows SmartScreen is a built-in security feature that checks files and applications against a database of threats and alerts you to potential risks when working with suspicious files or applications on your computer. Although this is usually enabled by default in Windows 10/11, you need to double check that SmartScreen filters are enabled.
To verify that SmartScreen is enabled:
- Right-click on the Start button and open Settings.
- Then go to Privacy & security > Windows Security > App & browser control, and click Reputation-based protection settings.
- Make sure all four filters are turned on, especially the Check apps and files filter.
This is how you can identify a malicious EXE file. If you stick to official sources and follow the steps above, you can easily detect suspicious files and help keep your computer safe.