Detect and investigate Amazon EC2 malware with Amazon GuardDuty and Amazon Detective
Public Sector Blog
This article discusses how public sector organizations can detect and investigate malware on Amazon EC2 instances using Amazon GuardDuty and Amazon Detective. The key points include:
- Amazon GuardDuty provides advanced malware detection for EC2 instances
- Two types of malware scans are available: GuardDuty-initiated and on-demand scans
- Amazon Detective helps investigate security findings by analyzing:
  - API activity patterns
  - Network traffic flows
  - Resource configurations
- Two main types of malware findings:
  - Execution:EC2/MaliciousFile (confirmed malicious)
  - Execution:EC2/SuspiciousFile (potentially unwanted programs)
The article emphasizes the importance of using AWS security tools to detect, investigate, and respond to potential malware threats in cloud environments.