Never Open a Downloaded File Without Checking It First

Downloading a file is one thing — running it is another. Whether it's an installer, a PDF, a ZIP archive, or a script, taking a few moments to verify a downloaded file can be the difference between a clean system and a compromised one. This guide walks you through the most effective methods to check any file before you open it.

Method 1: Scan with VirusTotal

VirusTotal (virustotal.com) is a free online service that analyzes files using over 70 antivirus engines simultaneously. It's one of the fastest and most thorough ways to check a suspicious file.

  1. Go to virustotal.com
  2. Click the File tab and upload your downloaded file (up to 650 MB)
  3. Wait for the scan to complete — usually under a minute
  4. Review the results: if the majority of engines show "Clean," you're likely safe

Important: Be aware that files you upload to VirusTotal may be accessible to security researchers. Don't upload files containing sensitive personal data.

Method 2: Verify the File Hash

Many trusted software developers publish a cryptographic hash (SHA-256, MD5, or SHA-1) alongside their downloads. This hash is a unique "fingerprint" of the file — if even a single byte is changed, the hash changes completely.

On Windows (PowerShell):

Get-FileHash C:\Users\YourName\Downloads\file.exe -Algorithm SHA256

On macOS/Linux (Terminal):

shasum -a 256 /path/to/file

Compare the output to the hash published on the official download page. A perfect match means the file is exactly what the developer intended to deliver.

Method 3: Check the Digital Signature

Legitimate Windows software is typically digitally signed by its publisher. You can verify this without any extra tools:

  1. Right-click the downloaded .exe or .msi file
  2. Select Properties
  3. Click the Digital Signatures tab
  4. Check that a valid signature exists and the publisher name matches who you expect

An unsigned executable from a major software company is a red flag. Most legitimate commercial and open-source software is signed.

Method 4: Run It in a Sandbox

If you're still unsure about a file, run it in an isolated environment before letting it touch your real system. Windows 10/11 Pro and Enterprise include Windows Sandbox, a lightweight virtual machine that disappears after each use.

  • Enable Windows Sandbox via: Turn Windows features on or off → Windows Sandbox
  • Open Sandbox, copy the file in, and run it to observe behavior
  • Alternatively, use a free virtual machine like VirtualBox with a throwaway OS installation

Common Red Flags in Downloaded Files

| Red Flag | What It Could Mean |
| --- | --- |
| File extension mismatch (e.g., "document.pdf.exe") | Likely malware disguised as a document |
| Unusually small installer for a large app | May be a downloader/dropper |
| Antivirus blocks on execution | Treat seriously; investigate before proceeding |
| No digital signature on a major app | Possibly tampered or unofficial |
| Hash doesn't match official listing | File has been modified — do not run |

Build the Habit

File verification doesn't need to be time-consuming. A quick VirusTotal scan or hash check takes under two minutes and can prevent days of recovery work. Make it part of your download routine — especially for executables, scripts, and archives from unfamiliar sources.