Antivirus blocked .state.old process

Not really concerned about an infection at this point (I suspect false positive), I’m mostly curious…

When I wanted to create a new Project in Komodo IDE (version 12.0.1, build 91869, platform win32-x86. Built on Mon Feb 10 18:14:23 2020), all my open applications suddenly shut down.

BitDefender was responsible, citing that “…\AppData\Roaming\ActiveState\bin\.state.old has been detected as malicious.” with the threat being “ATC.SuspiciousBehavior.1217110706A07162”. Not sure why all my other processes were shut down, though, but that’s BitDefender.

Now, if I look in the “…\AppData\Roaming\ActiveState\bin” folder, there is only a “state.exe” file with the same timestamp as the BitDefender event. The exe is signed by ActiveState though.

Should I be concerned? Or is it expected that “state.exe” be ‘replaced’ by Komodo? Komodo has been installed for several months on this machine without such issue.

I was able to create my Project without issue after I relaunched Komodo.

Morning @goozak,

Thanks for asking. First, that’s a super intense anti-virus you have there. That must have been a little nerve-racking to have everything just STOP.

Second, no, nothing to be concerned about regarding state.exe or state.old. In Komodo 12 we integrated ActiveState’s Platform CLI tool (the State tool) to allow users to hook into the ActiveState Platform when creating new projects (basically it would install the language you’re using along with all the packages you’re using prebuilt for whatever OS you’re on). If the State tool wasn’t installed already, Komodo would install it at startup. So if you hadn’t installed it yourself, then that’s where it came from.

The state.old is due to the State tool’s auto-update feature that runs every time you run a command. I bet it was the State tool updating that angered BitDefender.


Hey @goozak,

Here’s more information about the integrations I mentioned so it’s more official and might answer any further questions you might have:

But please don’t hesitate if you have other questions or concerns.

  • Carey
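
For readers triaging the same alert: the signature check mentioned in the question, written out as a script. This is an added example, not part of the original posts and not ActiveState's code. It assumes the elided path prefix is the current user's roaming profile (`$env:APPDATA`) and that the signing certificate's subject contains the string "ActiveState"; the function name `Get-SignatureTriage` is hypothetical.

```powershell
# Added example (not from the thread): check the Authenticode signature,
# signer and hash of the files named in the BitDefender alert.
# Assumption: "…\AppData\Roaming" resolves to the current user's $env:APPDATA.
$binDir         = Join-Path $env:APPDATA 'ActiveState\bin'
# Assumption: substring expected in the signer certificate's subject.
$expectedSigner = 'ActiveState'

function Get-SignatureTriage {
    param(
        [Parameter(Mandatory)] [string]$Path,
        [Parameter(Mandatory)] [string]$SignerMatch
    )
    $sig  = Get-AuthenticodeSignature -LiteralPath $Path
    $cert = $sig.SignerCertificate   # $null when the file is unsigned

    [pscustomobject]@{
        File          = Split-Path -Path $Path -Leaf
        # Compare with the time of the antivirus event.
        LastWrite     = (Get-Item -LiteralPath $Path -Force).LastWriteTime
        # Valid, NotSigned, HashMismatch, NotTrusted, ...
        Status        = $sig.Status
        Signer        = if ($cert) { $cert.Subject } else { $null }
        Thumbprint    = if ($cert) { $cert.Thumbprint } else { $null }
        # A countersigned timestamp keeps the signature valid after cert expiry.
        Timestamped   = [bool]$sig.TimeStamperCertificate
        SignerMatches = [bool]($cert -and $cert.Subject -like "*$SignerMatch*")
        # Hash to compare against a copy obtained from the vendor.
        SHA256        = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    }
}

# state.exe is the current binary; .state.old is the file named in the alert.
foreach ($name in 'state.exe', '.state.old') {
    $path = Join-Path $binDir $name
    if (Test-Path -LiteralPath $path) {
        Get-SignatureTriage -Path $path -SignerMatch $expectedSigner | Format-List
    } else {
        Write-Output "$name is not present in $binDir (removed or quarantined)."
    }
}
```

A `Status` of `Valid` means the file has not changed since it was signed and the certificate chains to a trusted root. The subject substring match is only a sanity check; comparing the thumbprint with a known-good copy of the same binary is stronger.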