There are a few potential reasons why the GuardDuty on-demand malware scan might be stuck in the "running" state for an extended period on a specific EC2 instance:
- Instance Characteristics: The instance might have certain characteristics that are causing the scan to take longer than expected, such as a large amount of data, high CPU utilization, or limited network bandwidth. This could cause the scan to take an extended time to complete.
- Networking Issues: There could be networking issues between the EC2 instance and the GuardDuty service, which could prevent the scan from completing successfully. This could be due to firewall rules, network ACLs, or other network configuration issues.
- Service Availability: There may be temporary service disruptions or high demand on the GuardDuty service, which could cause the scan to take longer to complete or get stuck.
- Instance State: If the EC2 instance is in a specific state, such as stopping or stopping, the scan may not be able to complete successfully.
To troubleshoot this issue, you can try the following steps:
- Check the EC2 Instance: Ensure that the EC2 instance is in a healthy state and not experiencing any issues, such as high CPU utilization or network problems.
- Check the Network Configuration: Verify that the network configuration, including firewall rules and network ACLs, is not preventing the GuardDuty service from accessing the EC2 instance.
- Check the GuardDuty Service Status: Check the AWS Service Health Dashboard to see if there are any ongoing issues or disruptions with the GuardDuty service that could be impacting the scan.
- Stop the Scan: If the scan appears to be permanently stuck, you can try to stop it. To do this, you can use the stop-activity action in the AWS CLI or the GuardDuty API. This will cancel the ongoing scan and free up the EC2 instance for future scans.
Here's an example of how to stop the scan using the AWS CLI:
aws guardduty stop-activity --detector-id <detector_id> --finding-id <finding_id>
Replace <detector_id> with the ID of your GuardDuty detector, and <finding_id> with the ID of the specific finding that is stuck in the "running" state.
After stopping the scan, you can try running a new on-demand malware scan on the EC2 instance to see if it completes successfully. If the issue persists, you may need to further investigate the instance or network configuration to identify the root cause.
aws guardduty stop-activity is not an available command.
AWS CLI version:
aws-cli/2.15.40 Python/3.11.8 Darwin/20.5.0 exe/x86_64 prompt/off
The GuardDuty API documentation also does not mention a StopActivity endpoint. https://docs.aws.amazon.com/guardduty/latest/APIReference/Welcome.html
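
An added example, not part of the answer or the comment above: GuardDuty's DescribeMalwareScans API (`aws guardduty describe-malware-scans --detector-id <detector_id>`) returns each scan's ScanStatus and ScanStartTime, so a scan that looks stuck can be confirmed from that JSON. The sample response, the six-hour threshold, the `EXAMPLE_REASON` placeholder and the function names are constructed assumptions.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample, shaped like the output of
#   aws guardduty describe-malware-scans --detector-id <detector_id>
ARN = "arn:aws:ec2:us-east-1:111122223333:instance/"
SAMPLE = json.loads("""
{"Scans": [
 {"ScanId": "scan-constructed-1", "ScanType": "ON_DEMAND", "ScanStatus": "RUNNING",
  "ScanStartTime": "2024-05-01T08:00:00+00:00",
  "ResourceDetails": {"InstanceArn": "%(a)si-0example1"}},
 {"ScanId": "scan-constructed-2", "ScanType": "ON_DEMAND", "ScanStatus": "RUNNING",
  "ScanStartTime": "2024-05-02T07:30:00Z",
  "ResourceDetails": {"InstanceArn": "%(a)si-0example2"}},
 {"ScanId": "scan-constructed-3", "ScanType": "ON_DEMAND", "ScanStatus": "FAILED",
  "FailureReason": "EXAMPLE_REASON",
  "ResourceDetails": {"InstanceArn": "%(a)si-0example3"}},
 {"ScanId": "scan-constructed-4", "ScanType": "ON_DEMAND", "ScanStatus": "COMPLETED",
  "ResourceDetails": {"InstanceArn": "%(a)si-0example4"}}
]}
""" % {"a": ARN})

def parse_ts(value):
    """Parse an ISO 8601 timestamp; treat 'Z' or a missing offset as UTC."""
    ts = datetime.fromisoformat(value.replace("Z", "+00:00"))
    return ts if ts.tzinfo else ts.replace(tzinfo=timezone.utc)

def triage_scans(response, now, max_age=timedelta(hours=6)):
    """Return (stuck, failed): RUNNING scans older than max_age (assumed
    threshold) and FAILED/SKIPPED scans with their FailureReason."""
    stuck, failed = [], []
    for scan in response.get("Scans", []):
        status = scan.get("ScanStatus")
        arn = scan.get("ResourceDetails", {}).get("InstanceArn", "unknown")
        if status == "RUNNING":
            started = scan.get("ScanStartTime")
            age = now - parse_ts(started) if started else None
            # A RUNNING scan with no start time is reported as well.
            if age is None or age > max_age:
                stuck.append((scan["ScanId"], arn, age))
        elif status in ("FAILED", "SKIPPED"):
            failed.append((scan["ScanId"], arn, scan.get("FailureReason", "")))
    return stuck, failed

if __name__ == "__main__":
    now = datetime(2024, 5, 2, 8, 0, tzinfo=timezone.utc)  # fixed for the sample
    for label, rows in zip(("STUCK", "FAILED"), triage_scans(SAMPLE, now)):
        for row in rows:
            print(label, *row)
```

On a live account, pass the parsed CLI output and `datetime.now(timezone.utc)` instead of the constructed sample and fixed time.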