How to check if a file is malicious or not on Windows 11/10
Third-party programs are widely used on Windows and other operating systems. But how can you tell whether a program is safe to install? How can you be sure that the program file you are about to run on your system contains no virus? Attackers use program (exe) files to inject different types of malware and viruses and attack your system, so it is critical to ensure you are installing a safe program. In this guide, we discuss some tips to check if a file is malicious or not.
How to check if a file is malicious
Here are the ways to check a program file for viruses before installing it on your PC:
- Basic steps
- Right-click the file and scan it with your security software
- Get it scanned with an Online Malware Scanner
- Check for Verified Publisher
- Verify File Integrity with Hash Value
- Use the Windows Sandbox feature.
Now, let’s check out these in detail.
1] Basic steps
A file may show the icon of a, say, Word document and display the name as, say, File.docx. But do not get fooled by the file icon, the name, or the “file extension part” you may see. First, make Windows show the file extension and only then check the file extension. If the mentioned file File.docx was a disguised malware file, don’t be surprised if its name now appears as File.docx.exe! Such disguised files have a high probability of being malicious.
Next, check whether the file is in the location where it is meant to be. Windows OS files are typically located in the System32 folder. If a file has a name similar to a legitimate Windows file but is located elsewhere, it could be a virus.
Also, open the doubtful file's location, right-click on the file, select Properties, and check under the Details tab. Do you recognize its Publisher, developer, or Copyright holder?
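The two basic checks above (a document-looking name that hides an executable extension, and a Windows system file name outside System32) can be scripted. This is an added example, not part of the original article; the function name `Test-FileDisguise` and the three lists are assumptions chosen for illustration.

```powershell
# Added example; the three lists are illustrative assumptions, not exhaustive.
$RiskyExt    = '.exe', '.scr', '.com', '.bat', '.cmd', '.js', '.vbs', '.lnk'
$DocExt      = '.docx', '.doc', '.pdf', '.xlsx', '.jpg', '.png', '.txt'
$SystemNames = 'svchost.exe', 'lsass.exe', 'csrss.exe', 'services.exe'

function Test-FileDisguise {
    param([Parameter(Mandatory)][string]$Path)

    $item     = Get-Item -LiteralPath $Path -Force
    $findings = @()

    # File.docx.exe: BaseName is "File.docx", so its own "extension" is the decoy.
    $decoy = [System.IO.Path]::GetExtension($item.BaseName)
    if (($RiskyExt -contains $item.Extension) -and ($DocExt -contains $decoy)) {
        $findings += "Double extension: '$decoy' hides the real type '$($item.Extension)'"
    }

    # A Windows system file name in a folder other than System32.
    # Legitimate side-by-side copies exist (for example under SysWOW64),
    # so treat a hit as a reason to look closer, not as proof.
    $system32 = Join-Path $env:SystemRoot 'System32'
    if (($SystemNames -contains $item.Name) -and ($item.DirectoryName -ne $system32)) {
        $findings += "'$($item.Name)' is located outside $system32"
    }

    [pscustomobject]@{
        Path       = $item.FullName
        Suspicious = $findings.Count -gt 0
        Findings   = $findings
    }
}

# Constructed sample: an empty file named like the example in the text.
$sample = Join-Path $env:TEMP 'File.docx.exe'
New-Item -ItemType File -Path $sample -Force | Out-Null
Test-FileDisguise -Path $sample | Format-List
Remove-Item -LiteralPath $sample
```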
2] Right-click the file and scan it with your security software
The next thing you can do to check a program file for viruses is to scan it with Windows' built-in security feature, Windows Defender. After downloading a program file, simply right-click on it and then use the Scan with Microsoft Defender option. It will scan the file for viruses and show you the results if there are any threats associated with it. Based on the report, you can completely delete the file in case it is unsafe. If it is locked, you may need to use a File Unlocker Tool first.
If you have 3rd-party antivirus software installed, you can scan the file with it from the context menu too. You can check the report and make a decision accordingly.
3] Get it scanned with an Online Malware Scanner
When you need a second opinion about a file that you think is malware, online malware scanners come in handy. It is even better if the online scanner uses multiple antivirus engines to scan a file.
Jotti Malware Scanner and Virustotal are among the best free online malware scanners for checking files and URLs for malware. They use multiple antivirus engines to analyze and scan files for malware.
Simply go to virustotal.com and from its Files tab, click on the Choose File option to upload the program file you want to check.
As you upload the file, it will start analyzing it with different antivirus engines. The scan will run for a few seconds or minutes (depending upon file size) and when it is done, you will see reports from various antivirus engines. If it is all Green, you can go on with installing the program on your PC.
But, if it shows malicious content status in Red, you should probably not install it on your system.
Furthermore, you can view basic Properties, file version information, signers, behavior tags, comments, and more details to analyze the program file.
4] Check for Verified Publisher
Always check if you are installing software from a verified publisher. It can be Microsoft or any other major and known company. If it is from a popular brand, install it. Otherwise, I would recommend not installing it on your PC.
You can check for publisher information by right-clicking on the program file and then selecting the Properties option. In the Properties window, go to the Digital Signatures tab and check for the names of signers.
Also, make sure you download a program from its official website only. Avoid downloading files from unknown and other platforms.
5] Verify File Integrity with Hash Value
A lot of software brands provide the hash values of their program files on their official website.
You can check this value with a File Integrity & Checksum Checker. If the hash value of your file differs from the published one, the file has been modified and there are higher chances that it contains malicious code. You can avoid installing it on your PC.
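The publisher check from step 4 and the hash check from step 5 can be done together from PowerShell with the built-in `Get-AuthenticodeSignature` and `Get-FileHash` cmdlets. This is an added example, not part of the original article; the function name `Test-Download`, the file name `setup.exe` and the use of SHA-256 are assumptions (use the algorithm the vendor actually publishes).

```powershell
function Test-Download {
    param(
        [Parameter(Mandatory)][string]$Path,
        # SHA-256 value copied from the vendor's official website.
        [Parameter(Mandatory)][string]$PublishedSha256
    )

    # Hash: strip spaces, dashes and colons that often come along with a
    # copied value; -eq compares strings case-insensitively.
    $actual   = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    $expected = $PublishedSha256 -replace '[^0-9A-Fa-f]', ''
    if ($expected.Length -ne 64) {
        throw "Published value is not a SHA-256 hash (64 hex characters)."
    }
    $hashOk = $actual -eq $expected

    # Signature: the same information as the Digital Signatures tab.
    $sig    = Get-AuthenticodeSignature -LiteralPath $Path
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(none)' }

    [pscustomobject]@{
        File            = $Path
        HashMatches     = $hashOk
        ActualSha256    = $actual
        SignatureStatus = $sig.Status       # Valid, NotSigned, HashMismatch, NotTrusted, ...
        Signer          = $signer
        # Proceed only if both checks pass and you recognise the signer.
        Passed          = $hashOk -and ($sig.Status -eq 'Valid')
    }
}

# Usage (file name and hash are placeholders):
# Test-Download -Path .\setup.exe -PublishedSha256 '<SHA-256 from the vendor site>'
```

A `Valid` status only means the signature is intact and chains to a trusted root; whether you trust the named signer is still the judgment described in step 4.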
6] Use Windows Sandbox feature
If you use Windows 11/10 Pro or Windows 11/10 Enterprise Editions, you can use the Windows Sandbox feature to check whether a program is malicious or not.
Simply run Windows Sandbox and copy and paste your program file to it. After that, run the program and analyze its behavior. If it is running smoothly, it is most probably safe. If you see suspicious behavior, then avoid installing it to your actual system. This post will show you how to enable Windows Sandbox in Windows 11/10 Home.
As they say, prevention is better than cure. So, before opening a suspicious file, do check if it contains any malware or not.