Yukari The Alpaca Dec 21, 2019 @ 9:41pm
Malwarebytes detecting trojan from 27015?
I have gotten a popup about an incoming connection from port 27015 as a Trojan. Anyone else?
Showing 16-23 of 23 comments
x_wing Dec 22, 2019 @ 3:04pm
Originally posted by christmaS:
Steam uses that port.

Indeed, I found this:

Dedicated or Listen Servers
TCP local port 27015 (default): SRCDS Rcon port
UDP local port 27015 (default): gameplay traffic

The Source RCON Protocol is a TCP/IP-based communication protocol used by Source Dedicated Server, which allows console commands to be issued to the server via a "remote console", or RCON. The most common use of RCON is to allow server owners to control their game servers without direct access to the machine the server is running on. In order for commands to be accepted, the connection must first be authenticated using the server's RCON password, which can be set using the console variable rcon_password.

So yeah, the report of an incoming connection to that port makes sense. Still, I believe that the OP (and everyone) should not expose this port, as it is only required for dedicated servers.
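
One way to check the point above about not exposing the port on a Windows machine, as an added example that is not part of the original post: it parses `netstat -ano` output and reports which sockets are bound to local port 27015 and whether they sit on a non-loopback address. The sample output, PIDs and addresses are constructed for illustration.

```python
# Added example: find local listeners on port 27015 in `netstat -ano` output.
# SAMPLE_NETSTAT is constructed for illustration (PIDs and addresses are made up).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       1100
  TCP    0.0.0.0:27015          0.0.0.0:0              LISTENING       4242
  TCP    127.0.0.1:27060        0.0.0.0:0              LISTENING       3900
  TCP    192.168.1.20:51234     203.0.113.7:27015      ESTABLISHED     3900
  TCP    [::1]:27015            [::]:0                 LISTENING       5151
  UDP    0.0.0.0:27015          *:*                                    4242
  UDP    192.168.1.20:27015     *:*                                    6001
"""

PORT = 27015
# Roles of the default port as quoted in the post above.
PORT_ROLES = {"TCP": "SRCDS Rcon port", "UDP": "gameplay traffic"}
LOOPBACK_PREFIXES = ("127.", "[::1]")


def find_listeners(netstat_text):
    """Return sockets bound to local port 27015 and whether they are off-loopback."""
    findings = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] not in PORT_ROLES:
            continue  # header, blank line or other protocol
        proto, local = fields[0], fields[1]
        addr, _, local_port = local.rpartition(":")
        if local_port != str(PORT):
            continue  # e.g. an outbound connection to a remote server's 27015
        if proto == "TCP" and fields[3] != "LISTENING":
            continue  # only LISTENING TCP sockets accept new inbound connections
        findings.append({
            "proto": proto,
            "addr": addr,
            "pid": int(fields[-1]),
            "role": PORT_ROLES[proto],
            # Wildcard or LAN bind: reachable by other hosts unless a firewall blocks it.
            "exposed": not addr.startswith(LOOPBACK_PREFIXES),
        })
    return findings


if __name__ == "__main__":
    for f in find_listeners(SAMPLE_NETSTAT):
        status = "bound off-loopback" if f["exposed"] else "loopback only"
        print(f"{f['proto']} {f['addr']}:{PORT} pid={f['pid']} ({f['role']}): {status}")
```

On a real machine, pass it the text printed by `netstat -ano` and look up a reported PID with `tasklist /FI "PID eq <pid>"`.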
HALO_run Dec 22, 2019 @ 3:20pm
Originally posted by Mom's credit card:
Originally posted by Yukari The Alpaca:
It’s really not bad. I like MBAM. Windows Defender alone is not a good way to stay safe online. An extra layer of security wouldn’t hurt.

Also, can I get an actual answer from someone if they are having this issue or not while using MBAM?
An extra layer would help but malwarebytes is a joke. Get a real antivirus.
sounds like a troll to me
Komrade Dec 22, 2019 @ 3:20pm
Originally posted by HALO_run:
Originally posted by Mom's credit card:
An extra layer would help but malwarebytes is a joke. Get a real antivirus.
sounds like a troll to me
He is.
HALO_run Dec 22, 2019 @ 3:21pm
Originally posted by Yukari The Alpaca:
Originally posted by Mom's credit card:
An extra layer would help but malwarebytes is a joke. Get a real antivirus.
Such as?
Malwarebytes is :2019shield: fine, this one doesn't know what he's sayin'
Komrade Dec 22, 2019 @ 3:22pm
Originally posted by Yukari The Alpaca:
Originally posted by Mom's credit card:
An extra layer would help but malwarebytes is a joke. Get a real antivirus.
Such as?
That user's a troll, MalwareBytes is good.
Xtreme Oct 13, 2020 @ 10:18am
Having the same thing. I've been having one coming from an IP named 80.211.195.16. I still have it on my PC. Btw, this happens when you play Community VAC Servers.
Yukari The Alpaca Oct 14, 2020 @ 1:24am
Originally posted by anastasisariel:
Having the same thing. I've been having one coming from an IP named 80.211.195.16. I still have it on my PC. Btw, this happens when you play Community VAC Servers.
It is not malware, just ports that have been known to be infected, but the machine you are using probably doesn't have malware.
Azza ☠ Oct 14, 2020 @ 6:08am
I'm an IT Security Expert.

MalwareBytes is fine to use and I actually highly recommend it. It means something from Steam is listening on that port, and someone from a known malicious IP address is trying to reach your system. It could be because you're hosting a game server or any number of reasons. But the fact that Malwarebytes is blocking this connection means you are protected because the connection is denied.

Steam uses that port regularly but it's something more than just that, incoming or pinging via it. A game server history list, connecting to a server, etc.

Is it giving you an IP Address or Website? Claiming it blocked that.

Have you been playing a game, such as CS:GO or GMOD, in which you connected to a custom server?

For example:

Originally posted by anastasisariel:
Having the same thing. I've been having one coming from an IP named 80.211.195.16. I still have it on my PC. Btw, this happens when you play Community VAC Servers.

https://www.virustotal.com/gui/ip-address/80.211.195.16/detection

It's not to suggest the entire server is bad, but the CS 1.6 (censored).ru custom server originally hosted upon it was malicious and therefore that server had been blacklisted.

MalwareBytes then assumes it's a risky hacker's IP Address and is picking up on the "Malware.pleskWin32" trojan detected that was hosted upon it at one stage.

That blacklist might be old and the Trojan already removed. It might not even be the same game host from that server you are playing upon, as it could be hosting thousands and they listed/detected it in a game selection list. It's just being pro-active and extra safe, blocking that risk.

---

Clear your Steam cache. Also, depending on the game, the server list history. As in that, it will keep rechecking the server history and detect it again.

If you actually play on that server gaming host, then send it in as a false positive to be checked and cleared by them. They will check the IP and if not bad anymore they will delist it.

Originally the IP blacklisting was done via Malwarebytes hpHosts: hosts-file.net

They closed the hphosts service for "restructuring" and have started pushing the "browserguard" instead, but it still has the blacklist check underneath for both URLs, Email Addresses and IP Addresses.

Reporting false positives is now done on their own forums:
https://forums.malwarebytes.com/forum/122-false-positives/
Last edited by Azza ☠; Oct 14, 2020 @ 7:23am

Date Posted: Dec 21, 2019 @ 9:41pm
Replies: 23