Posted On: Jul 26, 2022

Amazon GuardDuty Malware Protection is now available, in Amazon GuardDuty, to help detect malicious files residing on an instance or container workload running on Amazon Elastic Compute Cloud (Amazon EC2) without deploying security software or agents. Amazon GuardDuty Malware Protection adds file scanning for workloads utilizing Amazon Elastic Block Store (EBS) volumes to detect malware that can be used to compromise resources, modify access permissions, and exfiltrate data. Malicious files that contain trojans, worms, crypto miners, rootkits, bots, and the like can be used to compromise workloads, repurpose resources for malicious use, and gain unauthorized access to data. Existing customers can enable the GuardDuty Malware Protection feature with a single click in the GuardDuty console or through the GuardDuty API. When threats are detected, GuardDuty Malware Protection automatically sends security findings to AWS Security Hub, Amazon EventBridge, and Amazon Detective. These integrations help centralize monitoring for AWS and partner services, automate responses to malware findings, and perform security investigations from the GuardDuty console. With the launch of Amazon GuardDuty Malware Protection there are eight new threat detections:

  1. Execution:EC2/MaliciousFile
  2. Execution:ECS/MaliciousFile
  3. Execution:Kubernetes/MaliciousFile
  4. Execution:Container/MaliciousFile
  5. Execution:EC2/SuspiciousFile
  6. Execution:ECS/SuspiciousFile
  7. Execution:Kubernetes/SuspiciousFile
  8. Execution:Container/SuspiciousFile

The first 30 days of GuardDuty Malware Protection are available at no additional charge for existing GuardDuty accounts. For new accounts, GuardDuty Malware Protection is part of the 30-day Amazon GuardDuty free trial. During the trial period you can see the estimated cost of running the service after the trial period ends in the GuardDuty Management Console. GuardDuty optimizes your costs by only scanning for malware after GuardDuty detects suspicious behavior associated with malware. GuardDuty Malware Protection is available in all AWS regions where GuardDuty is available, excluding the AWS GovCloud (US), AWS China (Beijing) region, operated by Sinnet, and AWS China (Ningxia) region, operated by NWCD. To receive programmatic updates on new Amazon GuardDuty features and threat detections, subscribe to the Amazon GuardDuty SNS topic.

To get started: