Waiting for a definitive answer from the Atom team, but I really think this is only the Atom updater that is looking for updates. It requests a web page to see if a new version is available or not, and if so downloads the update.
Thanks for your response! I totally understand that it contacts a webpage, we can see that on our processes monitor but that does not explain why a powershell script is written to disk, executed and then deleted.
I imagine this is because the update process will not just check the atom’s version but also packages’ one, and maybe also because this is the PowerShell script that updates Atom (a program can’t re-write itself while it is running). To be confirmed by the team, though.
I was able to find all of this through some targeted use of the GitHub search functions, mostly searching for powershell, ps1, and [environment]::GetEnvironmentVariable.
So, to answer your question, yes, it is expected for Atom to launch a PowerShell process and execute the GetEnvironmentVariable code. As for why update.exe might create a PowerShell script, you might want to look into the code of the Squirrel.Windows project since that is what we’re using for Atom’s auto-update process.
All of Atom’s source code is open source. So you don’t have to take our word for it that Atom isn’t doing something nefarious, you can check for yourself
Thanks for this response @leedohm
This makes me much more comfortable, but why does this create many oddly named scripts and files on the disk? See my above comment for “Filemods” aka File modifcations.