Enabling GuardDuty-initiated malware scan for a standalone account - Amazon GuardDuty

Enabling GuardDuty-initiated malware scan for a standalone account

A standalone account owns the decision to enable or disable a protection plan in their Amazon Web Services account in a specific Amazon Web Services Region.

If your account is associated with a GuardDuty administrator account through Amazon Organizations, or by the method of invitation, this section doesn't apply to your account. For more information, see Enabling GuardDuty-initiated malware scan in multiple-account environments.

After you enable GuardDuty-initiated malware scan, GuardDuty will initiate a malware scan of the Amazon EBS volume that is attached to the Amazon EC2 instance that was involved in a GuardDuty finding. For a list of findings that initiate malware scan, see Findings that invoke GuardDuty-initiated malware scan.

Choose your preferred access method to configure GuardDuty-initiated malware scan for a standalone account.

Console
  1. Open the GuardDuty console at https://console.amazonaws.cn/guardduty/.

  2. In the navigation pane, under Protection plans, choose Malware Protection for EC2.

  3. The Malware Protection for EC2 pane lists the current status of GuardDuty-initiated malware scan for your account. Choose Enable to enable GuardDuty-initiated malware scan in this account.

  4. Choose Save to confirm your selection.

API/CLI

Run the updateDetector API operation using your own regional detector ID and passing the dataSources object with EbsVolumes set to true.

You can also enable GuardDuty-initiated malware scan using Amazon CLI by running the following Amazon CLI command. Make sure to use your own valid detector ID.

To find the detectorId for your account and current Region, see the Settings page in the https://console.amazonaws.cn/guardduty/ console, or run the ListDetectors API.

aws guardduty update-detector --detector-id 12abc34d567e8fa901bc2d34e56789f0 --features '[{"Name" : "EBS_MALWARE_PROTECTION", "Status" : "ENABLED"}]'
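
The CLI steps above combined into one script, as an added example that is not part of the Amazon documentation: it looks up the detector ID with list-detectors, enables the feature, and reads it back with get-detector to confirm the change. The function names and the --region argument handling are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example (not from the GuardDuty documentation); function names are hypothetical.
# Enables GuardDuty-initiated malware scan on the detector in one Region,
# then reads the feature back to confirm that the change took effect.

FEATURE='EBS_MALWARE_PROTECTION'

# Print the detector ID for the Region (an account has at most one per Region).
find_detector_id() {
  local region="$1" id
  id=$(aws guardduty list-detectors --region "$region" \
        --query 'DetectorIds[0]' --output text) || return 1
  # The CLI prints "None" when the query matches nothing.
  if [ -z "$id" ] || [ "$id" = "None" ]; then
    echo "no GuardDuty detector in $region" >&2
    return 1
  fi
  printf '%s\n' "$id"
}

# Print the current status (ENABLED or DISABLED) of the feature.
feature_status() {
  local region="$1" detector_id="$2"
  aws guardduty get-detector --region "$region" --detector-id "$detector_id" \
    --query "Features[?Name=='${FEATURE}'].Status | [0]" --output text
}

# Enable the feature and fail unless the read-back reports ENABLED.
enable_ebs_malware_scan() {
  local region="$1" detector_id status
  detector_id=$(find_detector_id "$region") || return 1
  # Single quotes keep the shell from splitting or globbing the JSON.
  aws guardduty update-detector --region "$region" --detector-id "$detector_id" \
    --features '[{"Name": "EBS_MALWARE_PROTECTION", "Status": "ENABLED"}]' || return 1
  status=$(feature_status "$region" "$detector_id") || return 1
  if [ "$status" != "ENABLED" ]; then
    echo "$FEATURE is '$status' on $detector_id after update" >&2
    return 1
  fi
  echo "$FEATURE enabled on detector $detector_id ($region)"
}

# Run only when invoked as: script --region <region-name>
if [ "${1:-}" = "--region" ] && [ -n "${2:-}" ]; then
  enable_ebs_malware_scan "$2"
fi
```

Because the setting is per Region, run the script once for each Region in which the account has a detector.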