Select your cookie preferences

We use essential cookies and similar tools that are necessary to provide our site and services. We use performance cookies to collect anonymous statistics, so we can understand how customers use our site and make improvements. Essential cookies cannot be deactivated, but you can choose “Customize” or “Decline” to decline performance cookies.

If you agree, AWS and approved third parties will also use cookies to provide useful site features, remember your preferences, and display relevant content, including relevant advertising. To accept or decline all non-essential cookies, choose “Accept” or “Decline.” To make more detailed choices, choose “Customize.”

Enabling GuardDuty-initiated malware scan for a standalone account

Focus mode
Enabling GuardDuty-initiated malware scan for a standalone account - Amazon GuardDuty

A standalone account owns the decision to enable or disable a protection plan in their AWS account in a specific AWS Region.

If your account is associated with a GuardDuty administrator account through AWS Organizations, or by the method of invitation, this section doesn't apply to your account. For more information, see Enabling GuardDuty-initiated malware scan in multiple-account environments.

After you enable GuardDuty-initiated malware scan, GuardDuty will initiate a malware scan of the Amazon EBS volume that is attached to the Amazon EC2 instance that was involved in a GuardDuty. For a list of findings that initiate malware scan, see Findings that invoke GuardDuty-initiated malware scan.

Choose your preferred access method to configure GuardDuty-initiated malware scan for a standalone account.

Console
  1. Open the GuardDuty console at https://console.aws.amazon.com/guardduty/.

  2. In the navigation pane, under Protection plans, choose Malware Protection for EC2.

  3. The Malware Protection for EC2 pane lists the current status of GuardDuty-initiated malware scan for your account. Choose Enable to enable GuardDuty-initiated malware scan in this account.

  4. Choose Save to confirm your selection.

API/CLI

Run the updateDetector API operation using your own regional detector ID and passing the dataSources object with EbsVolumes set to true.

You can also enable GuardDuty-initiated malware scan using AWS CLI by running the following AWS CLI command. Make sure to use your own valid detector ID.

To find the detectorId for your account and current Region, see the Settings page in the https://console.aws.amazon.com/guardduty/ console, or run the ListDetectors API.

aws guardduty update-detector --detector-id 12abc34d567e8fa901bc2d34e56789f0 --features [{"Name" : "EBS_MALWARE_PROTECTION", "Status" : "ENABLED"}]'
  1. Open the GuardDuty console at https://console.aws.amazon.com/guardduty/.

  2. In the navigation pane, under Protection plans, choose Malware Protection for EC2.

  3. The Malware Protection for EC2 pane lists the current status of GuardDuty-initiated malware scan for your account. Choose Enable to enable GuardDuty-initiated malware scan in this account.

  4. Choose Save to confirm your selection.

PrivacySite termsCookie preferences
© 2025, Amazon Web Services, Inc. or its affiliates. All rights reserved.