System and method for checking reputations of executable files in an endpoint device use an integrity verification on an executable file being scanned to determine whether the executable file has been unaltered since being installed in the endpoint device. When the executable file has been determined to be unaltered since being installed in the endpoint device, a file origin analysis is executed on the executable file based on a vendor identifier for the executable file to determine whether the executable file is from an approved source. When the executable file is determined to be from an approved source, an output is produced that indicates that the executable file has an approved reputation.