Scan your AWS EBS, ECR, and Lambda resources for malware to help identify threats, prioritize remediation efforts, and secure cloud workloads.
Agentless Vulnerability & Threat Detection provides anti-malware scanning for potential
threats in your AWS EBS, ECR, and Lambda resources, such as viruses, Trojans, spyware,
and more. Anti-malware scanning is disabled by default. You may enable the feature
at any time in Cloud Accounts for existing AWS accounts or when deploying a new CloudFormation template. Once enabled,
anti-malware scanning takes place during the next daily scan. Scan times are not configurable.
To enable anti-malware scanning on a new AWS account:
- Go toand click Add Account.
- Choose CloudFormation as the deployment method, select Single AWS Account, and click Next.
- Enter the required information and click Next. For more detailed instructions, see Adding an AWS account using CloudFormation.
- In Features and Permissions, enable Agentless Vulnerability & Threat Detection and select the deployment regions.
  Note
  Selected regions are the regions where Agentless Vulnerability & Threat Detection is deployed, not necessarily the region of your AWS account. You may select multiple deployment regions.
- Click Scanner Settings and go to Anti-Malware.
- Select the resources you wish to include in anti-malware scans.
  Important
  Enabling anti-malware scanning increases your AWS operational costs. For more information, see Agentless Vulnerability & Threat Detection estimated deployment costs.
- Click Save Changes and continue configuring the CloudFormation template.
You may also enable anti-malware scanning on connected accounts by selecting the account
from the list and going to the Stack Update tab.
Once the feature is enabled and the next daily scan is complete, you may view any
malware detections in the following locations in the Trend Vision One console:
-
-
-
-
- Cloud asset profile screens in
When viewing malware detections, expand the associated risk event to see metadata
associated with the detection. Use the metadata to perform a query in the Search app and further investigate the threat. To learn about available remediation options,
click View options under the risk event.
Tip
When performing queries in the Search app, you may search for the partition containing
the malware using the file system universal unique identifier (UUID). If the file
system UUID is not available in the detection metadata, you can find the UUID using CLI commands.
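One way to look up the file system UUID from the command line, shown as an added example that is not part of the original documentation. It assumes a Linux host with util-linux `lsblk` and the volume attached; the function name and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Map a file system UUID to the partition(s) that carry it.
# Assumption: Linux with util-linux; the page does not name specific commands.
# On a real host, feed the function from lsblk:
#   lsblk -P -p -o NAME,UUID,FSTYPE,MOUNTPOINT | find_partition_by_uuid "<uuid>"

# Constructed sample of `lsblk -P -p -o NAME,UUID,FSTYPE,MOUNTPOINT` output.
SAMPLE_LSBLK='NAME="/dev/nvme0n1" UUID="" FSTYPE="" MOUNTPOINT=""
NAME="/dev/nvme0n1p1" UUID="0f3c9a52-7d1e-4b8a-9c46-2e5b7a1d8f30" FSTYPE="xfs" MOUNTPOINT="/"
NAME="/dev/nvme1n1p1" UUID="A1B2-C3D4" FSTYPE="vfat" MOUNTPOINT="/boot/efi"'

# Extract the value of KEY="value" from one lsblk -P line.
pair_value() {
    # $1 = key, $2 = line; the leading space keeps UUID from matching inside another key
    printf ' %s\n' "$2" | sed -n "s/.* $1=\"\([^\"]*\)\".*/\1/p"
}

# find_partition_by_uuid UUID
# Reads lsblk -P lines on stdin and prints "device fstype mountpoint" for each
# match. Comparison is case-insensitive. All matches are printed because a
# volume restored from a snapshot keeps the UUID of its source file system,
# so two attached volumes can report the same value.
find_partition_by_uuid() {
    wanted=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    status=1
    while IFS= read -r line; do
        uuid=$(pair_value UUID "$line" | tr '[:upper:]' '[:lower:]')
        # Whole disks and unformatted partitions have an empty UUID: skip them.
        [ -n "$uuid" ] && [ "$uuid" = "$wanted" ] || continue
        name=$(pair_value NAME "$line")
        fstype=$(pair_value FSTYPE "$line")
        mnt=$(pair_value MOUNTPOINT "$line")
        printf '%s %s %s\n' "$name" "${fstype:-unknown}" "${mnt:-unmounted}"
        status=0
    done
    return "$status"   # 0 if at least one partition matched, 1 otherwise
}

# Demonstration on the constructed sample.
printf '%s\n' "$SAMPLE_LSBLK" | find_partition_by_uuid "a1b2-c3d4"
```

The function returns a non-zero status when no attached file system carries the UUID, which usually means the affected volume is not attached to the host being inspected.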
Once remediated, risk events associated with malware detections in EBS volumes or
Lambda functions no longer appear in Attack Surface Risk Management after the next daily anti-malware scan. Malware detections in ECR images remain in
for seven days after remediation.