# Enabling GuardDuty-initiated malware scan for a standalone account A standalone account owns the decision to enable or disable a protection plan in their Amazon Web Services account in a specific Amazon Web Services Region. If your account is associated with a GuardDuty administrator account through Amazon Organizations, or by the method of invitation, this section doesn't apply to your account. For more information, see [Enabling GuardDuty-initiated malware scan in multiple-account environments](configure-malware-protection-guardduty-initiated-multi-account.md). After you enable GuardDuty-initiated malware scan, GuardDuty will initiate a malware scan of the Amazon EBS volume that is attached to the Amazon EC2 instance that was involved in a GuardDuty. For a list of findings that initiate malware scan, see [Findings that invoke GuardDuty-initiated malware scan](gd-findings-initiate-malware-protection-scan.md). Choose your preferred access method to configure GuardDuty-initiated malware scan for a standalone account. ------ #### [ Console ] 1. Open the GuardDuty console at [https://console.amazonaws.cn/guardduty/](https://console.amazonaws.cn/guardduty/). 1. In the navigation pane, under **Protection plans**, choose **Malware Protection for EC2**. 1. The Malware Protection for EC2 pane lists the current status of GuardDuty-initiated malware scan for your account. Choose **Enable** to enable GuardDuty-initiated malware scan in this account. 1. Choose **Save** to confirm your selection. ------ #### [ API/CLI ] Run the [https://docs.amazonaws.cn/guardduty/latest/APIReference/API_UpdateDetector.html](https://docs.amazonaws.cn/guardduty/latest/APIReference/API_UpdateDetector.html) API operation using your own regional detector ID and passing the `dataSources` object with `EbsVolumes` set to `true`. You can also enable GuardDuty-initiated malware scan using Amazon CLI by running the following Amazon CLI command. Make sure to use your own valid {{detector ID}}. To find the `detectorId` for your account and current Region, see the **Settings** page in the [https://console.amazonaws.cn/guardduty/](https://console.amazonaws.cn/guardduty/) console, or run the [https://docs.amazonaws.cn/guardduty/latest/APIReference/API_ListDetectors.html](https://docs.amazonaws.cn/guardduty/latest/APIReference/API_ListDetectors.html) API. ``` aws guardduty update-detector --detector-id {{12abc34d567e8fa901bc2d34e56789f0}} --features [{"Name" : "EBS_MALWARE_PROTECTION", "Status" : "{{ENABLED}}"}]' ``` ------