
Scan your AWS EBS, ECR, and Lambda resources for malware to help identify threats, prioritize remediation efforts, and secure cloud workloads.

Agentless Vulnerability & Threat Detection provides anti-malware scanning for potential threats in your AWS EBS, ECR, and Lambda resources, such as viruses, Trojans, spyware, and more. Anti-malware scanning is disabled by default. You may enable the feature at any time in Cloud Accounts for existing AWS accounts or when deploying a new CloudFormation template. Once enabled, anti-malware scanning takes place during the next daily scan. Scan times are not configurable.
To enable anti-malware scanning on a new AWS account:
  1. Go to Service Management > Cloud Accounts > AWS and click Add Account.
  2. Choose CloudFormation as the deployment method, select Single AWS Account, and click Next.
  3. Enter the required information and click Next. For more detailed instructions, see Adding an AWS account using CloudFormation.
  4. In Features and Permissions, enable Agentless Vulnerability & Threat Detection and select the deployment regions.
    Note
    Selected regions are the regions where Agentless Vulnerability & Threat Detection is deployed, not necessarily the region of your AWS account. You may select multiple deployment regions.
  5. Click Scanner Settings and go to Anti-Malware.
  6. Select the resources you wish to include in anti-malware scans.
    Important
    Enabling anti-malware scanning increases your AWS operational costs. For more information, see Agentless Vulnerability & Threat Detection estimated deployment costs.
  7. Click Save Changes and continue configuring the CloudFormation template.
You may also enable anti-malware scanning on connected accounts by selecting the account from the list and going to the Stack Update tab.
Once the feature is enabled and the next daily scan is complete, you may view any malware detections in the following locations in the Trend Vision One console:
  • Cloud Posture > Cloud Overview
  • Operations Dashboard > All Risk Events
  • Operations Dashboard > Risk Reduction Measures
  • Operations Dashboard > Threat Detection
  • Cloud asset profile screens in Attack Surface Discovery > Cloud Assets > Cloud Asset List
When viewing malware detections, expand the associated risk event to see metadata associated with the detection. Use the metadata to perform a query in the Search app and further investigate the threat. To learn about available remediation options, click View options under the risk event.
Tip
When performing queries in the Search app, you may search for the partition containing the malware using the file system universal unique identifier (UUID). If the file system UUID is not available in the detection metadata, you can find the UUID using CLI commands.
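One way to match a file system UUID from the detection metadata to a partition, as an added example that is not part of the original documentation. It assumes the affected volume is attached to a Linux instance where `blkid` (util-linux) is available; the sample output, device names, and UUIDs are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: map a file system UUID from detection metadata to a partition.
# Assumption: input is `blkid` output from a Linux instance with the volume
# attached. SAMPLE_BLKID is constructed sample data, not real output.
SAMPLE_BLKID='/dev/nvme0n1p1: LABEL="cloudimg-rootfs" UUID="1c2d3e4f-aaaa-4bbb-8ccc-0123456789ab" TYPE="ext4" PARTUUID="0f0e0d0c-01"
/dev/nvme0n1p15: LABEL_FATBOOT="UEFI" UUID="7B77-95E7" TYPE="vfat" PARTUUID="0f0e0d0c-0f"
/dev/nvme1n1p1: UUID="9f8e7d6c-5b4a-4321-9abc-def012345678" TYPE="xfs" PARTUUID="5a5b5c5d-02"'

# list_fs_uuids [blkid-output]: print "device<TAB>uuid<TAB>fstype" per file
# system. Without an argument it reads live `blkid` output (usually needs root).
list_fs_uuids() {
  if [ $# -ge 1 ]; then src=$1; else src=$(blkid); fi
  printf '%s\n' "$src" | awk '
    {
      dev = $0; sub(/: .*/, "", dev)
      uuid = tag($0, "UUID"); type = tag($0, "TYPE")
      if (uuid != "") printf "%s\t%s\t%s\n", dev, tolower(uuid), type
    }
    # Return the value of KEY="value". The leading space and trailing "="
    # keep PARTUUID= and UUID_SUB= from being mistaken for UUID=.
    function tag(line, key,   pat, s) {
      pat = " " key "=\"[^\"]*\""
      if (!match(line, pat)) return ""
      s = substr(line, RSTART, RLENGTH)
      sub(/^[^"]*"/, "", s); sub(/"$/, "", s)
      return s
    }'
}

# find_device_by_uuid UUID [blkid-output]: print the partition that holds the
# file system; exit status 1 when nothing matches. Comparison ignores case.
find_device_by_uuid() {
  want=$(printf '%s' "$1" | tr 'A-Z' 'a-z'); shift
  list_fs_uuids "$@" | awk -F '\t' -v want="$want" \
    '$2 == want { print $1; found = 1 } END { exit !found }'
}

# Constructed UUID standing in for the value shown in the detection metadata.
find_device_by_uuid "9F8E7D6C-5B4A-4321-9ABC-DEF012345678" "$SAMPLE_BLKID"
```

On a live instance, call `find_device_by_uuid <UUID>` with no second argument to query the attached volumes directly.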
Once remediated, risk events associated with malware detections in EBS volumes or Lambda functions no longer appear in Attack Surface Risk Management after the next daily anti-malware scan. Malware detections in ECR images remain in Operations Dashboard > All Risk Events for seven days after remediation.