Monitoring S3 object scan status

When using Malware Protection for S3 with a GuardDuty detector ID, if your Amazon S3 object is potentially malicious, GuardDuty will generate Malware Protection for S3 finding type. Using the GuardDuty console and APIs, you can view the generated findings. For information about understanding this finding type, see Finding details.

When using Malware Protection for S3 without enabling GuardDuty (no detector ID), even when your scanned Amazon S3 object is potentially malicious, GuardDuty can't generate any findings.

The following list provides the potential S3 object scan result values:

NO_THREATS_FOUND – GuardDuty detected no potential threat associated with the scanned object.
THREATS_FOUND – GuardDuty detected a potential threat associated with the scanned object.
UNSUPPORTED – GuardDuty doesn't support scanning this type of object. This S3 object gets skipped at the time of scanning. For more information about supported objects, see Quotas in Malware Protection for S3.
ACCESS_DENIED – GuardDuty can't access this object for scanning. Check the IAM role permissions associated with this bucket. For more information, see Prerequisite - Create or update IAM PassRole policy.
FAILED – GuardDuty can't perform malware scan on this object because of an internal error.

Ways to monitor S3 object scan result

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Troubleshooting Malware Protection plan status details

Using Amazon EventBridge