GuardDuty findings that initiate Malware Protection scans
Malware Protection initiates a scan when GuardDuty detects suspicious behavior indicative of malware on an Amazon EC2 instance or a container workload. Some of the GuardDuty findings in the following list can initiate a scan only if they are outbound.
- Impact:EC2/WinRMBruteForce (Outbound only)
- UnauthorizedAccess:EC2/RDPBruteForce (Outbound only)
- UnauthorizedAccess:EC2/SSHBruteForce (Outbound only)