RTP Detection Outbound Compromised

[BryerB]

Hey all,

I was hoping for some clarity as I have a consistent notification, but not sure what it means.

When I use a game Valheim through Steam, when connecting to a dedicated server I get a Malwarebytes notification for an event "Blocked website". Copy and paste of the general report below.

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 10/14/22
Protection Event Time: 4:38 PM
Log File: 9a00bca6-4c08-11ed-88f9-c0b5d7b1afd0.json

-Software Information-
Version: 4.5.15.215
Components Version: 1.0.1784
Update Package Version: 1.0.61057
License: Premium

-System Information-
OS: Windows 10 (Build 19043.2130)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, C:\Program Files (x86)\Steam\steamapps\common\Valheim\valheim.exe, Blocked, -1, -1, 0.0.0, ,

-Website Data-
Category: Compromised
Domain:
IP Address: 154.53.51.34
Port: 2457
Type: Outbound
File: C:\Program Files (x86)\Steam\steamapps\common\Valheim\valheim.exe

 

(end)

Does this mean something is on my computer? Or Is that IP address trying to reach out to my computer with a malicious request?

I had originally thought this was on my computer, so I did a windows reset and wiped the hard drive, but got this notification after reinstalling malwarebytes, then steam and valheim and trying one more time.

Any clarity is greatly appreciated, thank you!

[Porthos]

1 hour ago, BryerB said:

Does this mean something is on my computer? Or Is that IP address trying to reach out to my computer with a malicious request?

 

1 hour ago, BryerB said:

File: C:\Program Files (x86)\Steam\steamapps\common\Valheim\valheim.exe

It must be due to some server(s) the games are trying to connect to. Steam and many others use p2p connections to play online. As long as the games aren't at risk for connecting to malicious content (which they shouldn't be), you should be able to simply exclude the games' executables from Web Protection using the method described under the Allow an application to connect to the Internet section of this support article.

[thisisu]

Hi,

That IP address is getting reported for RDP attacks. https://www.abuseipdb.com/check/154.53.51.34

Porthos advice on excluding the game's executables is what I'd recommend too.

Regards

[BryerB]

Ah ok awesome that sounds not too bad then.

Is there a reason the game would reach out to that same IP address, even if I connect different dedicated servers, the 154.53.51.34 compromised blocked notification always comes up no matter the server I'm connecting to. Just want to make sure my system is ok.

[BryerB]

What also seems odd, is when the game is launched and then connected to one of these servers, the notification comes up from Malwarebytes and my internet basically comes to a halt. Never had this before, so its all very curious.

[BryerB]

Hey all,

I resolved the network slowdown which was a separate issue.

I still get RTP outbound blocked event notifications, but new IPs now. The new two IPs blocked were reported on the website above as well for malicious activity.

I believe its because valheim reaches out to talk to a dedicated server service where an instance of the game is hosted, and my machine is most likely not infected. I did exhaustive scans in another thread making sure my system is safe and clean.

Does this sound possible? If I were to exclude the games executable would that leave me vulnerable at all? Thank you for your help!

[Porthos]

3 minutes ago, BryerB said:

I believe its because valheim reaches out to talk to a dedicated server service where an instance of the game is hosted

That was already mentioned.

4 minutes ago, BryerB said:

and my machine is most likely not infected.

 Never said it was.

4 minutes ago, BryerB said:

If I were to exclude the games executable would that leave me vulnerable at all?

Already addressed. But keep in mind nothing is 100%.

On 10/14/2022 at 6:15 PM, Porthos said:

As long as the games aren't at risk for connecting to malicious content (which they shouldn't be)

 

[BryerB]

Ah ok thank you for your time, sorry for the redundancy.

I was just confused about "As long as the games aren't at risk for connecting to malicious content". I guess I don't know if they do or not.

Thank you for the support!