A standalone account owns the decision to enable or disable a protection plan in their
AWS account in a specific AWS Region.
If your account is associated with a GuardDuty administrator account through AWS Organizations, or by the method of
invitation, this section doesn't apply to your account. For more information, see Enabling
GuardDuty-initiated malware scan in multiple-account environments.
After you enable GuardDuty-initiated malware scan, GuardDuty will initiate a malware scan of the Amazon EBS
volume that is attached to the Amazon EC2 instance that was involved in a GuardDuty. For a list of
findings that initiate malware scan, see Findings that invoke
GuardDuty-initiated malware scan.
Choose your preferred access method to configure GuardDuty-initiated malware scan for a standalone
account.
- Console
-
Open the GuardDuty console at https://console.aws.amazon.com/guardduty/.
-
In the navigation pane, under Protection plans, choose
Malware Protection for EC2.
-
The Malware Protection for EC2 pane lists the current status of GuardDuty-initiated malware scan for your
account. Choose Enable to enable GuardDuty-initiated malware scan in this
account.
-
Choose Save to confirm your selection.
- API/CLI
-
Run the updateDetector API operation using your own regional detector
ID and passing the dataSources
object with EbsVolumes
set to
true
.
You can also enable GuardDuty-initiated malware scan using AWS CLI by running the following AWS CLI
command. Make sure to use your own valid detector ID
.
To find the detectorId
for your account and current Region, see the
Settings page in the https://console.aws.amazon.com/guardduty/ console,
or run the ListDetectors API.
aws guardduty update-detector --detector-id 12abc34d567e8fa901bc2d34e56789f0
--features [{"Name" : "EBS_MALWARE_PROTECTION", "Status" : "ENABLED
"}]'