Valheim

Malwarebytes Detecting - Compromised Website | Valheim.exe suspicious activities
Recently downloaded the game via Steam, and my antivirus started to detect outbound communication to different IPs, websites, when I was not running the game.

It made me worry. As my antivirus doesn't detect the exe as malware, my web protection detects malicious outbound communications, which look very strange. It usually happens 1-5 times a day, no matter if I run the game or not. Tried to reinstall, doesn't change anything.

Any clue why valheim.exe is doing such a thing?
jonnin Mar 26 @ 1:57am 
I don't know exactly, but the two most likely options are a false positive (nothing wrong, MWB just got excited) or you have something attached to the .exe (virus) that isn't being picked up by anything else. I would bet on #1 because if it were #2 the thing would spread to other programs and trigger those too and soon every exe you have would set off the alarm.
MaCarBre Mar 26 @ 2:16am 
Originally posted by Bruhh...:
As soon as you click on the in-game join server tab (recent, favorites, friends, community servers), Valheim starts pinging Steam servers to check which ones are online and get their info on world modifiers. Your Malwarebytes is probably picking up on that activity and reporting it as suspicious. Valheim pinging this many servers will eventually probably be scrapped as a whole, as there are no password-less servers anyway. You can reduce these pings by lowering Steam browser pings per minute in general Steam settings → in-game tab → set from 5000 to 250.

I have no idea why Malwarebytes would report Valheim.exe causing suspicious activity when you are not running the game. Makes no sense really, unless it's just reporting on past activity.

All that assuming you are not using any mods or have any extra files in the Valheim installation folder except the default ones (mods don't get removed via Steam uninstallation).
Bruhh... Mar 26 @ 8:32am 
I tracked down the IPs and they mainly led to the same server host provider in Germany, www.dogado.de.
I tested the game in multiplayer and with friends, it runs without issues and no popups from antivirus. Game syncs with the cloud without issues every time I run the game. No popups and blocked connections.

I tried to upload the exe to the Virustotal website, and Trapmine detected it with Suspicious.low.ml.score <--- (Whatever that means). As many forums and previous Steam topics have said, it may be a false positive.

I still have no clue why Valheim needs to communicate with the server if the game is running fine.
Originally posted by Bruhh...:
I tracked down the IPs and they mainly led to the same server host provider in Germany, www.dogado.de.
I tested the game in multiplayer and with friends, it runs without issues and no popups from antivirus. Game syncs with the cloud without issues every time I run the game. No popups and blocked connections.

I tried to upload the exe to the Virustotal website, and Trapmine detected it with Suspicious.low.ml.score <--- (Whatever that means). As many forums and previous Steam topics have said, it may be a false positive.

I still have no clue why Valheim needs to communicate with the server if the game is running fine.

Suspicious.low.ml.score - "ml" here refers to "machine learning", meaning that Trapmine fed it to an AI and said AI didn't quite like how the code was structured (scored low on its list of acceptable metrics). 90-99% of the time it's a false positive.

This also applies any time Microsoft Defender pops up a result with a "!ml" suffix at the end.

It's healthy to be suspicious, both of the original file and the AV result. You did the right thing to check it on VirusTotal, and the fact that only one product returned a result, and that the result was an ML ping rather than a specific verified malware package, tells me, at least, it's safe.
Last edited by avatar.zero; Mar 26 @ 2:48pm