We have many ways to check the files if their safe.
Mainly what we do is:
1: We have an "fake" computer running. (Sandboxie/VMware)
2: There we can decompile the program and check for imports and what the code looks like.
3: We check strings with a tool called: WinRar*, which allows us to read over the strings. (Links and such)
4: Then we check the scans, if there's a high detection rate. We investigate the file closer, if not. We just do a "quick" check to see that everything looks okay.
5: We start the program and blocks internet connection. And we can then see if there was anything else "special" that we missed.