Thank you DavidR!
I agree that it would be better to do Restore and Add Exception and that there would be a risk if it were hacked or malicious, which is why I sent it for analysis to Avast, but since they do not respond, I need to find an alternate virus detector. But, I guess in that case I would need to extract the file, which might prevent a subsequent Restore and Add Exception. So, it seems that I am caught in a loop.
I don't know if the file is digitally signed. How do I find out? It might be that I need to extract it in order to find out.