The moment a download finishes, there is a temptation to double-click it immediately. Resist that for thirty seconds. Malicious software most often reaches people through downloads disguised as something legitimate: a fake installer, a cracked app, a document that is really an executable, or a file grabbed from a lookalike site. A quick scan before you open anything is one of the highest-value security habits you can build.
Scanning is not just about running antivirus, although that is part of it. It also means knowing where the file came from, checking it against multiple detection engines, verifying its checksum when one is published, and recognizing the tricks attackers use, like fake download buttons and double file extensions. None of this takes long once it becomes routine.
This guide walks through how to scan a download for malware step by step, the free tools that do it well, and the warning signs that should make you delete a file unopened. The goal is simple: get the software you actually wanted, and nothing else.
Top picks & alternatives
Microsoft Defender
Built-in Windows antivirus with real-time and on-demand scanning
PowerShell Get-FileHash
Built-in Windows command to verify a download's checksum
ESET Online Scanner
Free on-demand scanner for a second opinion on Windows
Start before you download: the source matters most
The safest scan is the one you never need because you downloaded from the right place. Always get software from the official vendor's website or a reputable app store. Be especially wary of search ads, which sometimes lead to lookalike sites, and of "download portals" that wrap installers in their own adware-laden downloader.
Steer clear of cracked, pirated or "pro unlocked" software entirely. These are among the most common malware carriers, and no antivirus catches everything. If the official version is free, there is no reason to risk a tampered copy.
Scan with your antivirus
Once a file is downloaded, scan it before opening. On Windows, the built-in Microsoft Defender is solid: right-click the file and choose Scan, or let real-time protection check it automatically. On macOS, built-in protections like Gatekeeper and XProtect screen downloads, and you can add a reputable third-party scanner if you want extra coverage.
Keep your antivirus and its definitions up to date; an out-of-date scanner misses recent threats. A single, well-maintained antivirus is better than stacking several, which can conflict.
Use VirusTotal for a second opinion
For anything you are unsure about, upload the file to VirusTotal, a free service that scans it with dozens of antivirus engines at once and reports which, if any, flag it. Because it pools many engines, it catches threats a single antivirus might miss. You can also paste a download URL or a file's hash to check it without uploading.
One caveat: do not upload confidential files, since submissions can be shared with security vendors. For sensitive documents, scan the file's hash instead of the file itself, or rely on local scanning. A handful of flags from obscure engines can be false positives, but several reputable engines agreeing is a strong warning.
Verify the checksum
When a publisher lists a checksum (ideally SHA-256), verify it. Calculate the hash of your downloaded file and compare it to the official value; a match confirms the file was not corrupted or tampered with in transit. On Windows use PowerShell's Get-FileHash, on macOS use shasum -a 256, and on Linux use sha256sum. A mismatch means delete and re-download from the official source.
Where projects offer signed releases, verifying the digital signature is even stronger, because it proves the publisher's identity, not just the file's integrity.
Spot the traps before they catch you
Attackers rely on a small set of reliable tricks. Learn to recognize them:
- Fake download buttons: big, colorful "Download" ads that are not the real link. Find the genuine, often smaller, official link.
- Double extensions: a file named invoice.pdf.exe is an executable, not a PDF. Enable file extension display so you can see the real type.
- Unexpected file types: a document download that arrives as an .exe, .scr or script file is a red flag.
- Password-protected archives: sometimes used to hide malware from scanners; treat with suspicion.
When in doubt, do not open it. Delete the file and start over from a source you trust.
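The checksum comparison and the filename traps described above, combined into one pre-open check. This is an added example, not code from the original page; the function names and the two extension lists are illustrative assumptions, and the sample file is constructed.

```python
import hashlib
import tempfile
from pathlib import Path

# Illustrative lists (assumptions, not exhaustive): types that run code on
# Windows, and types a user expects to be passive documents or media.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".msi", ".js", ".vbs", ".ps1"}
DOCUMENT_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".jpg", ".png"}

def sha256_of(path, chunk_size=1 << 20):
    """Hash in chunks so a large installer never has to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def checksum_matches(path, published):
    """Accept a bare hex value or a 'hash  filename' line, in either letter case."""
    fields = published.split()
    return bool(fields) and sha256_of(path) == fields[0].lower()

def filename_warnings(name, expected_document=False):
    """Flag the double-extension and unexpected-file-type traps."""
    suffixes = [s.lower() for s in Path(name).suffixes]
    warnings = []
    if suffixes and suffixes[-1] in EXECUTABLE_EXTS:
        if len(suffixes) > 1 and suffixes[-2] in DOCUMENT_EXTS:
            warnings.append(f"double extension: {suffixes[-2]} hides {suffixes[-1]}")
        elif expected_document:
            warnings.append(f"expected a document, got {suffixes[-1]}")
    return warnings

def pre_open_check(path, published_sha256, expected_document=False):
    """Return (ok, reasons); ok is True only when no check raised a reason."""
    reasons = filename_warnings(Path(path).name, expected_document)
    if not checksum_matches(path, published_sha256):
        reasons.append("SHA-256 does not match the published value")
    return (not reasons, reasons)

if __name__ == "__main__":
    # Constructed sample: a temporary file standing in for a download.
    with tempfile.TemporaryDirectory() as tmp:
        sample = Path(tmp) / "invoice.pdf.exe"
        sample.write_bytes(b"constructed sample bytes")
        published = sha256_of(sample).upper()  # stand-in for the vendor's value
        print(pre_open_check(sample, published))
```

A passing result only means these two checks found nothing; the antivirus scan described earlier still applies.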