Malware Protection for Backup finding types
GuardDuty Malware Protection for Backup provides a single finding for all threats detected during the scan of the requested resource. The finding includes the total number of detections made during the scan, and based on the severity, provides details for the top 32 threats that it detects. Unlike other GuardDuty findings, Malware Protection for Backup findings are not updated when the same resource is scanned again. A new Malware Protection for Backup finding is generated for each scan that detects malware.
The following findings are specific to GuardDuty Malware Protection for Backup.
Execution:EC2/MaliciousFile!Snapshot
A malicious file has been detected in an EBS snapshot.
Default severity: Varies depending on the detected threat.
- Feature: Malware Protection for Backup
This finding indicates that a GuardDuty Malware Protection for Backup scan has detected one or more malicious files in an EBS snapshot within your environment. For more information, view the Threats detected section in the finding details panel.
Remediation recommendations:
If this is unexpected, your snapshot may be compromised. For more information, see Remediating a potentially compromised EBS Snapshot.
Execution:EC2/MaliciousFile!AMI
A malicious file has been detected in an EC2 AMI.
Default severity: Varies depending on the detected threat.
- Feature: Malware Protection for Backup
This finding indicates that a GuardDuty Malware Protection for Backup scan has detected one or more malicious files in an AMI within your environment. For more information, view the Threats detected section in the finding details panel.
Remediation recommendations:
If this is unexpected, your AMI may be compromised. For more information, see Remediating a potentially compromised EC2 AMI.
Execution:EC2/MaliciousFile!RecoveryPoint
A malicious file has been detected in an Amazon Backup EC2 Recovery Point.
Default severity: Varies depending on the detected threat.
- Feature: Malware Protection for Backup
This finding indicates that a GuardDuty Malware Protection for Backup scan has detected one or more malicious files in an EC2 recovery point within your environment. The impacted Recovery Point could be an EBS snapshot or an EC2 AMI. For more information, view the Threats detected section in the finding details panel.
Remediation recommendations:
If this is unexpected, your EC2 recovery point may be compromised. For more information, see Remediating a potentially compromised EC2 Recovery Point.
Execution:S3/MaliciousFile!RecoveryPoint
A malicious file has been detected in an Amazon Backup S3 Recovery Point.
Default severity: Varies depending on the detected threat.
- Feature: Malware Protection for Backup
This finding indicates that a GuardDuty Malware Protection for Backup scan has detected one or more malicious objects in an S3 Recovery Point within your environment. For more information, view the Threats detected section in the finding details panel.
Remediation recommendations:
If this is unexpected, your S3 recovery point may be compromised. For more information, see Remediating a potentially compromised S3 Recovery Point.
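Because each scan that detects malware produces a new finding instead of updating an earlier one, a consumer of these four finding types has to correlate by resource, not by finding ID. The following Python is an added example, not AWS code; the flattened record keys (`id`, `type`, `resource_arn`, `severity`, `created_at`, `total_detections`) and every sample value are constructed for illustration and are not the GuardDuty finding schema.

```python
import re
from collections import defaultdict

# Remediation guide titles as named on this page, keyed by finding type.
REMEDIATION = {
    "Execution:EC2/MaliciousFile!Snapshot": "Remediating a potentially compromised EBS Snapshot",
    "Execution:EC2/MaliciousFile!AMI": "Remediating a potentially compromised EC2 AMI",
    "Execution:EC2/MaliciousFile!RecoveryPoint": "Remediating a potentially compromised EC2 Recovery Point",
    "Execution:S3/MaliciousFile!RecoveryPoint": "Remediating a potentially compromised S3 Recovery Point",
}
# Type strings on this page follow Purpose:Service/Family!Artifact.
TYPE_RE = re.compile(r"^(?P<purpose>\w+):(?P<service>\w+)/(?P<family>\w+)!(?P<artifact>\w+)$")

def correlate(findings):
    """Collapse per-scan findings into one case per scanned resource."""
    by_resource = defaultdict(list)
    for f in findings:
        if f["type"] in REMEDIATION:  # skip other GuardDuty finding types
            by_resource[f["resource_arn"]].append(f)
    cases = {}
    for arn, group in by_resource.items():
        group.sort(key=lambda f: f["created_at"])  # ISO 8601 UTC sorts lexically
        latest = group[-1]
        parts = TYPE_RE.match(latest["type"]).groupdict()
        cases[arn] = {
            "service": parts["service"],
            "artifact": parts["artifact"],
            "scans_with_detections": len(group),  # one finding per detecting scan
            "finding_ids": [f["id"] for f in group],
            "max_severity": max(f["severity"] for f in group),
            "latest_detections": latest["total_detections"],
            "remediation": REMEDIATION[latest["type"]],
        }
    return cases

# Constructed sample records (hypothetical ARNs, IDs and values).
SNAP = "arn:aws:ec2:us-east-1::snapshot/snap-EXAMPLE"
RP = "arn:aws:backup:us-east-1:111122223333:recovery-point:EXAMPLE"
KEYS = ("id", "type", "resource_arn", "severity", "created_at", "total_detections")
SAMPLE = [dict(zip(KEYS, row)) for row in [
    ("f-003", "Execution:EC2/MaliciousFile!Snapshot", SNAP, 5.0, "2025-01-02T02:00:00Z", 3),
    ("f-001", "Execution:EC2/MaliciousFile!Snapshot", SNAP, 8.0, "2025-01-01T02:00:00Z", 40),
    ("f-002", "Execution:S3/MaliciousFile!RecoveryPoint", RP, 8.0, "2025-01-01T03:00:00Z", 1),
    ("f-004", "Recon:EC2/PortProbeUnprotectedPort", "i-EXAMPLE", 2.0, "2025-01-02T04:00:00Z", 0),
]]

if __name__ == "__main__":
    for arn, case in correlate(SAMPLE).items():
        print(arn, case)
```

A case that keeps accumulating finding IDs for the same resource shows that repeated scans are still detecting malware there, which a per-finding view would present as unrelated alerts.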