Adversaries may use non-standard ports to exfiltrate information.
|S0539||Red Alert 2.0|
Application vetting reports may show network communications performed by the application, including hosts, ports, protocols, and URLs.
Detection would most likely be at the enterprise level, through packet and/or netflow inspection. Many properly configured firewalls may also naturally block command and control traffic over non-standard ports.