Select your cookie preferences

We use essential cookies and similar tools that are necessary to provide our site and services. We use performance cookies to collect anonymous statistics, so we can understand how customers use our site and make improvements. Essential cookies cannot be deactivated, but you can choose “Customize” or “Decline” to decline performance cookies.

If you agree, AWS and approved third parties will also use cookies to provide useful site features, remember your preferences, and display relevant content, including relevant advertising. To accept or decline all non-essential cookies, choose “Accept” or “Decline.” To make more detailed choices, choose “Customize.”

Preferences
Contact Us
Feedback
AWS Documentation
Create an AWS Account

Remediating a potentially malicious S3 object

PDF
RSS
Focus mode
Remediating a potentially malicious S3 object - Amazon GuardDuty

When GuardDuty generates Malware Protection for S3 finding type, it indicates that a newly uploaded object in your Amazon S3 bucket contains malware. The resource type is an S3Object.

Use the following recommended steps to potentially remediate the generated finding:

  1. Identify the potentially malicious S3 object by checking the S3ObjectDetails associated with the finding.

  2. Isolate the impacted S3 object. If you had enabled tagging at the time of enabling Malware Protection for S3 for the associated Amazon S3 bucket, GuardDuty must have assigned a Malicious tag to this object. Use tag-based access control (TBAC) to restrict access to this S3 object. For more information, see Using tag-based access control (TBAC).

    Alternatively, if you do not need this object any longer, you can also choose to delete it or move it to an isolated S3 bucket. For information about considerations for deleting an S3 object, see Deleting objects in the Amazon S3 User Guide.

PrivacySite termsCookie preferences
© 2025, Amazon Web Services, Inc. or its affiliates. All rights reserved.