GuardDuty generates a finding only when it detects a potential security threat in your AWS account. An Malware Protection for S3 finding indicates that the uploaded object that initiated the malware scan contains a potentially malicious file.
For Amazon GuardDuty to generate a finding in your AWS account, enable both GuardDuty and Malware Protection for S3. The best practice is to first enable GuardDuty and then Malware Protection for S3. If this order is different for you, make sure to enable GuardDuty before an S3 object gets upload to your protected bucket.
Note
GuardDuty can't generate a finding for an S3 object that was scanned before you enabled GuardDuty. To scan an existing S3 object, you may upload it again.
Object:S3/MaliciousFile
A malicious file has been detected on a scanned S3 object.
Default severity: High
-
Feature: Malware Protection for S3
This finding indicates that a malware scan has detected the listed S3 object to be malicious. For more information, view the Threats detected section in the finding details panel.
Recommendation remediation:
If this finding was unexpected, the S3 object is potentially malicious. For information about recommended remediation steps, see Remediating a potentially malicious S3 object.
