Description
This policy identifies AWS GuardDuty Detectors that do not have Malware Protection for EC2 enabled.
Malware Protection for EC2 helps detect potential malware by scanning Amazon EBS volumes attached to EC2 instances and container workloads running on Amazon EC2.
Rationale
GuardDuty Malware Protection for EC2 scans your EC2 instances for malware. When suspicious behavior is detected, GuardDuty can automatically initiate a malware scan of attached EBS volumes by taking a snapshot and analyzing it. This provides effective threat detection without requiring you to deploy or maintain additional security software on your instances.
Impact
Charges for GuardDuty Malware Protection are based on the total and prorated GB of Amazon EBS data scanned each month.
Audit
This policy flags an AWS GuardDuty Detector as INCOMPLIANT if the EBS_MALWARE_PROTECTION Feature is set to DISABLED.
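The audit rule above, expressed as an added example (not the policy engine's own code): it reads the `Features` list that GuardDuty's GetDetector API returns and marks a detector INCOMPLIANT when the `EBS_MALWARE_PROTECTION` entry is not `ENABLED`. The sample responses and `FakeGuardDutyClient` are constructed stand-ins so the check runs offline; treating a detector with no such feature entry as INCOMPLIANT is an assumption of this example.

```python
"""Audit check: flag GuardDuty detectors whose EBS_MALWARE_PROTECTION feature is DISABLED."""
from typing import Any, Dict

FEATURE = "EBS_MALWARE_PROTECTION"


def evaluate_detector(detector: Dict[str, Any]) -> str:
    """Return 'COMPLIANT' or 'INCOMPLIANT' for one GetDetector response.

    GetDetector returns a 'Features' list of {'Name': ..., 'Status': 'ENABLED'|'DISABLED'}.
    Assumption: a detector with no EBS_MALWARE_PROTECTION entry is also INCOMPLIANT.
    """
    for feature in detector.get("Features", []):
        if feature.get("Name") == FEATURE:
            return "COMPLIANT" if feature.get("Status") == "ENABLED" else "INCOMPLIANT"
    return "INCOMPLIANT"


def audit_detectors(guardduty_client) -> Dict[str, str]:
    """Map every detector ID in the region to its compliance status.

    guardduty_client is any object exposing boto3's list_detectors() and
    get_detector(DetectorId=...) calls: a real boto3 client or a fake for tests.
    """
    results = {}
    for detector_id in guardduty_client.list_detectors().get("DetectorIds", []):
        results[detector_id] = evaluate_detector(
            guardduty_client.get_detector(DetectorId=detector_id))
    return results


# Constructed sample responses (not real account data) covering both outcomes.
SAMPLE_RESPONSES = {
    "detector-compliant-example": {
        "Features": [{"Name": "EBS_MALWARE_PROTECTION", "Status": "ENABLED"}]},
    "detector-incompliant-example": {
        "Features": [{"Name": "EBS_MALWARE_PROTECTION", "Status": "DISABLED"}]},
    "detector-feature-missing-example": {"Features": []},
}


class FakeGuardDutyClient:
    """Offline stand-in for boto3.client('guardduty'), backed by SAMPLE_RESPONSES."""

    def list_detectors(self):
        return {"DetectorIds": list(SAMPLE_RESPONSES)}

    def get_detector(self, DetectorId):
        return SAMPLE_RESPONSES[DetectorId]
```

Against a real account, pass `boto3.client("guardduty")` to `audit_detectors` in place of the fake client; the evaluation logic is unchanged.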