Modern technology gives us many things.

Is That Windows Process Actually a Virus? 3 Ways to Tell if an EXE File Is Safe


Viruses are good at hiding themselves as legitimate Windows processes. Fortunately, there are ways to check if a process is legitimate or not.

Person using a laptop in a dark room

Have you noticed a strange Windows process and don’t know if it is real or fake? Viruses and other malware have become adept at masquerading as legitimate system processes these days. Luckily, you can use a few methods to verify the process’s authenticity, and they involve checking its executable file or EXE.

Let’s look at three methods you can use to tell whether the EXE of a Windows process is safe.

How to Access the EXE of a Windows Process

Before we get to how you can verify the EXE of a Windows process, let’s see how you can access it. Right-click the Taskbar and choose Task Manager. Then, right-click on the suspicious process and select Open file location.

Opening file location of a windows process in Task Manager

A window will open with the executable file already selected, showing its location.

3 Ways to Tell if the Exe of a Windows Process Is Safe

Telling if an executable file is a legit Windows process isn’t hard. You can use any of the three methods mentioned below.

1. Scan the EXE with an Antivirus

Perhaps one of the quickest ways to tell if a file is a virus is by scanning it with your antivirus. Windows has several free antiviruses you can install. These antivirus programs usually allow you to right-click on the questionable file and select to scan it.

Quickly scanning a file with an antivirus by right clicking

2. Scan the EXE With VirusTotal

Another way to find out if the EXE is legit is to scan it with VirusTotal. You simply upload the suspicious file on the VirusTotal website, and this online scanner will check it for all types of malware. Furthermore, it will automatically share the information it finds with the security community to keep others safe.


Related: The Best Free Online Virus Scan and Removal Sites

3. Check the Certificate

Any authentic Windows process will have a certificate issued by Microsoft. To check this, right-click the file and select Properties. In the Digital Signatures tab, select the signature and then click on Details.

Veiwing digital signatures in properties window

Another window will pop up with the General Tab selected. Click on View Certificate.

View certifcate in digital signatures

You will then see a digital certificate issued by Microsoft, showing that the process is real and not malware.

Digital certificate issued by Microsoft

You can take it a step further by going to the Certification Path tab of the certificate and ensuring it says “This certificate is OK” under Certification status.

Certificate status windows process

Now You Know How to Tell if a Windows Process Is Real or Fake

Knowing whether a Windows process is real or fake is the best way to keep your PC safe. If you’re having trouble determining the legitimacy of a legit-looking system process, checking its EXE is a quick and efficient way to put your mind at ease. And, as you can see, it is easy to do by scanning it with an antivirus or VirusTotal or checking its certificate.

Windows Task Manager Guide Featured
How to Use the Windows Task Manager

The Windows Task Manager is capable of a lot, but using it can seem overwhelming. Here’s a clear overview of what the Task Manager offers.

Read Next

About The Author

Source link

Leave A Reply

Your email address will not be published.