Internet-Security.com TCP port 8531 details

TCP port 8531 is used by Microsoft Windows Server Update Services (WSUS) for HTTPS when WSUS is installed on a custom IIS website (the common default is 8530 for HTTP and 8531 for HTTPS).
In many enterprises, Windows Update Agent on Windows 10/11 and Windows Server contacts the local WSUS server over 8531 to retrieve update metadata and content securely.
Microsoft Endpoint Configuration Manager (SCCM/MECM) uses a WSUS-based Software Update Point that listens on 8531 for SSL client communication and for site system interactions.
WSUS upstream/downstream (replica) server synchronization can run over 8531 when SSL is enabled between WSUS servers.
Third‑party patching tools that integrate with WSUS, such as SolarWinds Patch Manager, connect to the WSUS server via its configured HTTPS port (commonly 8531).
While not inherently malicious, this port is seen in attacks against WSUS (e.g., “WSUSpect” and misconfigured/non-SSL WSUS leading to update hijacking); enforcing HTTPS on 8531 and update signing mitigates these risks.

TCP 8531