A standalone account owns the decision to enable or disable a protection plan in their
AWS account in a specific AWS Region.
If your account is associated with a GuardDuty administrator account through AWS Organizations, or by the method of
invitation, this section doesn't apply to your account. For more information, see Enabling
GuardDuty-initiated malware scan in multiple-account environments.
After you enable GuardDuty-initiated malware scan, GuardDuty will initiate a malware scan of the Amazon EBS
volume that is attached to the Amazon EC2 instance that was involved in a GuardDuty. For a list of
findings that initiate malware scan, see Findings that invoke
GuardDuty-initiated malware scan.
Choose your preferred access method to configure GuardDuty-initiated malware scan for a standalone
account.
- Console
-
Open the GuardDuty console at https://console.aws.amazon.com/guardduty/.
-
In the navigation pane, under Protection plans, choose
Malware Protection for EC2.
-
The Malware Protection for EC2 pane lists the current status of GuardDuty-initiated malware scan for your
account. Choose Enable to enable GuardDuty-initiated malware scan in this
account.
-
Choose Save to confirm your selection.
- API/CLI
-
Run the updateDetector API operation using your own regional detector
ID and passing the dataSources object with EbsVolumes set to
true.
You can also enable GuardDuty-initiated malware scan using AWS CLI by running the following AWS CLI
command. Make sure to use your own valid detector ID.
To find the detectorId for your account and current Region, see the
Settings page in the https://console.aws.amazon.com/guardduty/ console,
or run the ListDetectors API.
aws guardduty update-detector --detector-id 12abc34d567e8fa901bc2d34e56789f0 --features [{"Name" : "EBS_MALWARE_PROTECTION", "Status" : "ENABLED"}]'
