Starting an On-Demand Scan for Malware Protection for Backup
Console
- Sign in to the Amazon Management Console and open the GuardDuty console at https://console.aws.amazon.com/guardduty/.
- Navigate to Malware Protection for Backup and click on Start on-demand scan.
- Choose between Full scan and Incremental scan.
  - To start a full scan, enter the resource ARN of the resource to be scanned.
  - For an incremental scan, enter the Target Resource ARN and the Baseline Resource ARN.
  - If the resource being scanned is a Recovery Point, you also need to enter the name of the Amazon Backup Vault it belongs to.
- Service access - you need to choose a role which has the permissions required to access the resource and perform the scan. Click on View Policy to view the exact permissions needed for the role, along with the required trust policy.
  You can make changes to the policy based on your requirements or scope down the permissions to the exact resource. For more details on how you can create or update an IAM role, see GuardDuty Malware Protection for Backup: IAM Role Permissions.
  For issues with IAM role permissions, see Troubleshooting IAM role permissions error.
API/CLI
Invoke StartMalwareScan, which accepts the resourceArn of the resource on which you want to start an on-demand malware scan. If you want to start an incremental scan, pass in the baselineResourceArn in incrementalScanDetails. As part of the scan configuration, you also need to provide an IAM role that has all the permissions needed to start the scan. After you successfully start a scan, StartMalwareScan returns a scanId. Invoke the GetMalwareScan API to monitor the progress of the started scan and to get details of the scan once it is done.
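The following pre-flight check is an added example, not code from the GuardDuty documentation: it applies the input rules from the console steps above (baseline ARN for an incremental scan, vault name for a Recovery Point, an IAM role for service access) and builds a request body for StartMalwareScan. The keys resourceArn, incrementalScanDetails and baselineResourceArn come from this page; scanConfiguration, role, recoveryPoint and backupVaultName are assumed names to confirm against the API reference, and the ARNs in the test data are constructed.

```python
import re

# Generic ARN shape: arn:partition:service:region:account:resource
ARN_RE = re.compile(r"^arn:(aws[a-z-]*):([a-z0-9-]+):([a-z0-9-]*):(\d{12})?:(.+)$")


def parse_arn(arn):
    """Split an ARN into its fields; raise ValueError if it is malformed."""
    m = ARN_RE.match(arn or "")
    if not m:
        raise ValueError(f"not a valid ARN: {arn!r}")
    keys = ("partition", "service", "region", "account", "resource")
    return dict(zip(keys, m.groups()))


def build_scan_request(resource_arn, role_arn, baseline_arn=None,
                       backup_vault_name=None, is_recovery_point=False):
    """Validate on-demand scan inputs and return the request body as a dict."""
    target = parse_arn(resource_arn)
    role = parse_arn(role_arn)

    # Service access must be an IAM role, never a user or root ARN.
    if role["service"] != "iam" or not role["resource"].startswith("role/"):
        raise ValueError("service access must be an IAM role ARN")
    if role["partition"] != target["partition"]:
        raise ValueError("role and resource are in different partitions")

    # Key names below other than incrementalScanDetails/baselineResourceArn
    # are assumptions (see lead-in).
    config = {"role": role_arn}

    # Incremental scan: both a target and a distinct baseline are required.
    if baseline_arn is not None:
        parse_arn(baseline_arn)
        if baseline_arn == resource_arn:
            raise ValueError("baseline and target ARN must differ")
        config["incrementalScanDetails"] = {"baselineResourceArn": baseline_arn}

    # Recovery Points also need the name of the vault that holds them.
    if is_recovery_point:
        if not backup_vault_name:
            raise ValueError("a Recovery Point requires its backup vault name")
        config["recoveryPoint"] = {"backupVaultName": backup_vault_name}
    elif backup_vault_name:
        raise ValueError("vault name given but resource is not a Recovery Point")

    return {"resourceArn": resource_arn, "scanConfiguration": config}
```

Rejecting a bad role or a missing vault name locally keeps a mistyped request from reaching the API with a role that was never meant to be used for scanning.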