GuardDuty Malware Protection for EC2 should be enabled
Description
This control checks whether GuardDuty Malware Protection is enabled. For a standalone account, the control fails if GuardDuty Malware Protection is disabled in the account. In a multi-account environment, the control fails if the delegated GuardDuty administrator account and all member accounts do not have Malware Protection enabled.

GuardDuty Malware Protection for EC2 helps you detect the potential presence of malware by scanning the Amazon Elastic Block Store (Amazon EBS) volumes that are attached to Amazon Elastic Compute Cloud (Amazon EC2) instances and container workloads. Malware Protection provides scan options where you can decide if you want to include or exclude specific EC2 instances and container workloads at the time of scanning.
Remediation
To enable GuardDuty Malware Protection for EC2, you need to configure the Malware Protection settings in GuardDuty.
Steps
- Navigate to the Amazon GuardDuty console
- Go to 'Settings' in the left navigation
- Select 'Malware Protection'
- Enable 'Malware Protection for EC2'
- Configure scan options and exclusions as needed
- Set snapshot retention preferences
- Save the configuration
- Verify that Malware Protection is active
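
The final verification step can also be done against the GuardDuty API instead of the console. The following is an added example, not code from the original page or from AWS: it evaluates `get_detector` and `get_member_detectors` responses for the `EBS_MALWARE_PROTECTION` feature. It assumes the control passes only when the administrator (or standalone) account and every member account have the feature enabled; the function names, the `"self"` label and the sample account IDs are constructed for illustration.

```python
FEATURE = "EBS_MALWARE_PROTECTION"  # GuardDuty feature name for Malware Protection for EC2


def feature_enabled(features):
    """True if a GuardDuty 'Features' list reports the feature as ENABLED."""
    return any(f.get("Name") == FEATURE and f.get("Status") == "ENABLED"
               for f in features or [])


def evaluate(admin_detector, member_configs=(), unprocessed=()):
    """Return (passed, failing_accounts) from GuardDuty API responses.
    Assumption: the calling account and every member must have the feature
    enabled. Members GuardDuty could not process count as failing instead of
    being silently skipped. "self" is a hypothetical label for the caller.
    """
    failing = []
    if not feature_enabled(admin_detector.get("Features")):
        failing.append("self")
    for m in member_configs:
        if not feature_enabled(m.get("Features")):
            failing.append(m["AccountId"])
    failing.extend(u["AccountId"] for u in unprocessed)
    return (not failing, failing)


def evaluate_live(region):
    """Run the same check in one region (needs boto3 and credentials)."""
    import boto3  # imported lazily so the offline samples work without it
    gd = boto3.client("guardduty", region_name=region)
    ids = gd.list_detectors()["DetectorIds"]
    if not ids:  # no detector: GuardDuty itself is not enabled here
        return (False, ["self"])
    det = ids[0]
    pages = gd.get_paginator("list_members").paginate(DetectorId=det)
    accounts = [m["AccountId"] for p in pages for m in p["Members"]]
    configs, unprocessed = [], []
    for i in range(0, len(accounts), 50):  # at most 50 account IDs per call
        r = gd.get_member_detectors(DetectorId=det, AccountIds=accounts[i:i + 50])
        configs += r["MemberDataSourceConfigurations"]
        unprocessed += r.get("UnprocessedAccounts", [])
    return evaluate(gd.get_detector(DetectorId=det), configs, unprocessed)


# Constructed sample responses (not real accounts), shaped like the API output.
SAMPLE_ADMIN = {"Features": [{"Name": FEATURE, "Status": "ENABLED"}]}
SAMPLE_MEMBERS = [
    {"AccountId": "111111111111", "Features": [{"Name": FEATURE, "Status": "ENABLED"}]},
    {"AccountId": "222222222222", "Features": [{"Name": FEATURE, "Status": "DISABLED"}]},
]
```

GuardDuty is a regional service, so `evaluate_live` has to be run once for each region in use.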