This article covers activating on-demand EC2 malware scanning.
Malware Protection for EC2 is a feature that helps detect potential malware on your EC2 instances and container workloads. Here's what it does:
- Scans EBS volumes attached to EC2 instances and containers running on EC2.
- Allows you to choose which EC2 instances to include or exclude from scans.
- Offers an option to keep snapshots of EBS volumes in your GuardDuty account, but only if malware is found.
- Generates findings when malware is detected.
This feature gives you flexibility in scanning and helps you identify and investigate potential malware threats in your EC2 environment.
Since it scans the EBS volumes directly, it won't affect the performance of your resources.
Malware Protection for Amazon EC2 offers two types of scans to help you safeguard your EC2 instances:
- Amazon GuardDuty-initiated malware scans
- On-demand malware scans
In this article, we'll focus on on-demand malware scans.
To enable and use on-demand EC2 malware scans:
- Ensure that both Amazon GuardDuty and Malware Protection for EC2 are enabled in your account.
- Navigate to the GuardDuty console and select "EC2 Malware Scans" from the menu.
- Click "Start On-demand malware scan", enter the ARN of the EC2 instance that needs to be scanned, and click Confirm.
- Once completed, the scan will appear in the EC2 Malware Scans list with a unique scan ID.
- Select the scan to view detailed information, including:
  - Scan coverage
  - Number of files scanned
  - Invocation method
  - Resource type and instance ID
  - Scanned EBS volume details
- If malware is detected, click "Click to see malware findings" for more information.
- The findings page will display relevant information such as the finding ID, detected threat details, affected resources and threat intelligence specifics.
- For deeper analysis, you can click "Investigate with Amazon Detective" (requires Amazon Detective to be enabled). This allows you to explore:
  - GuardDuty findings
  - VPC workflow
  - Account-level CloudTrail activity
  - Unusual trends from unfamiliar IP addresses
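The same console steps can be scripted. The following is an added example, not code from the original article: it uses the boto3 GuardDuty calls `start_malware_scan` and `describe_malware_scans` to start an on-demand scan, wait for it to finish, and return the same details the console shows. It assumes GuardDuty and Malware Protection for EC2 are already enabled and AWS credentials are configured; the function names are hypothetical and the ARN is a constructed placeholder.

```python
import re
import time

# arn:<partition>:ec2:<region>:<12-digit account>:instance/i-<8 or 17 hex chars>
INSTANCE_ARN = re.compile(
    r"arn:(aws|aws-cn|aws-us-gov):ec2:[a-z0-9-]+:\d{12}:instance/i-[0-9a-f]{8}(?:[0-9a-f]{9})?"
)

def is_instance_arn(arn):
    """Reject anything that is not an EC2 instance ARN before calling the API."""
    return INSTANCE_ARN.fullmatch(arn) is not None

def summarize_scan(scan):
    """Flatten one DescribeMalwareScans record into the fields the console shows."""
    return {
        "scan_id": scan.get("ScanId"),
        "status": scan.get("ScanStatus"),    # RUNNING, COMPLETED, FAILED, SKIPPED
        "result": scan.get("ScanResultDetails", {}).get("ScanResult"),  # CLEAN / INFECTED
        "invocation": scan.get("ScanType"),  # ON_DEMAND or GUARDDUTY_INITIATED
        "instance_arn": scan.get("ResourceDetails", {}).get("InstanceArn"),
        "files_scanned": scan.get("FileCount"),
        "volumes": [v.get("VolumeArn") for v in scan.get("AttachedVolumes", [])],
        "failure_reason": scan.get("FailureReason"),
    }

def start_and_wait(instance_arn, region, poll_seconds=30, timeout=3600):
    """Start an on-demand scan and poll until it leaves the RUNNING state."""
    import boto3  # imported here so the helpers above work without AWS access
    if not is_instance_arn(instance_arn):
        raise ValueError(f"not an EC2 instance ARN: {instance_arn!r}")
    gd = boto3.client("guardduty", region_name=region)
    detector_id = gd.list_detectors()["DetectorIds"][0]  # one detector per region
    scan_id = gd.start_malware_scan(ResourceArn=instance_arn)["ScanId"]
    by_scan_id = {"FilterCriterion": [
        {"CriterionKey": "SCAN_ID", "FilterCondition": {"EqualsValue": scan_id}}]}
    deadline = time.monotonic() + timeout
    while time.monotonic() < deadline:
        scans = gd.describe_malware_scans(
            DetectorId=detector_id, FilterCriteria=by_scan_id)["Scans"]
        if scans and scans[0]["ScanStatus"] != "RUNNING":
            return summarize_scan(scans[0])
        time.sleep(poll_seconds)
    raise TimeoutError(f"scan {scan_id} still running after {timeout}s")

if __name__ == "__main__":
    # Constructed placeholder ARN; replace with the instance to scan.
    arn = "arn:aws:ec2:us-east-1:111122223333:instance/i-0123456789abcdef0"
    print(start_and_wait(arn, "us-east-1"))
```

A `result` of `INFECTED` corresponds to the case where the console offers "Click to see malware findings"; a `status` of `FAILED` or `SKIPPED` comes with a `failure_reason` worth checking before treating the instance as clean.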
By leveraging these on-demand scans and the detailed insights they provide, you can significantly enhance your cloud security posture and respond swiftly to potential malware threats in your Amazon EC2 environment.