Enabling GuardDuty-initiated malware scan for a standalone account - Amazon GuardDuty

Enabling GuardDuty-initiated malware scan for a standalone account

A standalone account owns the decision to enable or disable a protection plan in their AWS account in a specific AWS Region.

If your account is associated with a GuardDuty administrator account through AWS Organizations, or by the method of invitation, this section doesn't apply to your account. For more information, see Enabling GuardDuty-initiated malware scan in multiple-account environments.

After you enable GuardDuty-initiated malware scan, GuardDuty will initiate a malware scan of the Amazon EBS volume that is attached to the Amazon EC2 instance that was involved in a GuardDuty. For a list of findings that initiate malware scan, see Findings that invoke GuardDuty-initiated malware scan.

Choose your preferred access method to configure GuardDuty-initiated malware scan for a standalone account.

Console
  1. Open the GuardDuty console at https://console.aws.amazon.com/guardduty/.

  2. In the navigation pane, under Protection plans, choose Malware Protection for EC2.

  3. The Malware Protection for EC2 pane lists the current status of GuardDuty-initiated malware scan for your account. Choose Enable to enable GuardDuty-initiated malware scan in this account.

  4. Choose Save to confirm your selection.

API/CLI

Run the updateDetector API operation using your own regional detector ID and passing the dataSources object with EbsVolumes set to true.

You can also enable GuardDuty-initiated malware scan using AWS CLI by running the following AWS CLI command. Make sure to use your own valid detector ID.

To find the detectorId for your account and current Region, see the Settings page in the https://console.aws.amazon.com/guardduty/ console, or run the ListDetectors API.

aws guardduty update-detector --detector-id 12abc34d567e8fa901bc2d34e56789f0 --features [{"Name" : "EBS_MALWARE_PROTECTION", "Status" : "ENABLED"}]'