Scan your AWS EBS, ECR, and Lambda resources for malware to help identify threats, prioritize remediation efforts, and secure cloud workloads.
Agentless Vulnerability & Threat Detection provides anti-malware scanning for potential
threats, such as viruses, Trojans, and spyware, in your AWS EBS, ECR, and Lambda resources.
Anti-malware scanning is not enabled for AWS by default. You may enable the feature
at any time in Cloud Accounts for existing AWS accounts or when deploying a new CloudFormation template. If you
enable anti-malware scanning on an existing AWS account, scanning begins during the
next daily scan. Scan times are not configurable.
Procedure
- Go to and click Add Account.
- Choose CloudFormation as the deployment method, select Single AWS Account, and click Next.
- Specify the general information for the account and click Next. For more details, see Adding an AWS account using CloudFormation. The Features and Permissions screen appears.
- In Features and Permissions, enable Agentless Vulnerability & Threat Detection and select the deployment regions.
Note
Selected regions are the regions where Agentless Vulnerability & Threat Detection is deployed, not necessarily the region of your AWS account. You may select multiple deployment regions.
- Click Scanner Configuration and enable anti-malware scanning.
- Select the AWS resource types you wish to include in anti-malware scans. By default,
no resource types are selected.
Important
Enabling anti-malware scanning increases your AWS operational costs. For more information, see Agentless Vulnerability & Threat Detection estimated deployment costs for AWS.
- Click Save Changes and continue configuring the CloudFormation template.
- For AWS accounts that you have already connected in Cloud Accounts:
  - Select the AWS account.
  - Go to the Stack Update tab.
  - In Features and Permissions, enable Agentless Vulnerability & Threat Detection and follow the configuration steps.