Remediating a potentially malicious S3 object - Amazon GuardDuty

Remediating a potentially malicious S3 object

When a Malware Protection for S3 finding is generated in your AWS account, the potentially malicious resource type is S3Object.

Use the following recommended steps to remediate the generated finding:

  1. Identify the potentially malicious S3 object by checking the S3ObjectDetails associated with the finding.

  2. Isolate the impacted S3 object. If you enabled tagging when you enabled Malware Protection for S3 for the associated Amazon S3 bucket, GuardDuty will have assigned a Malicious tag to this object. Use tag-based access control (TBAC) to restrict access to this S3 object. For more information, see Using tag-based access control (TBAC).

    Alternatively, if you do not need this object any longer, you can also choose to delete it or move it to an isolated S3 bucket. For information about considerations for deleting an S3 object, see Deleting objects in the Amazon S3 User Guide.
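The following added example (not code from the GuardDuty documentation) walks steps 1 and 2 offline: it reads S3ObjectDetails from a constructed finding and builds a TBAC bucket policy that denies reads of, and tag changes to, any object carrying the malicious tag, exempting one remediation role. It assumes the tag key GuardDutyMalwareScanStatus with value THREATS_FOUND (the tag the page refers to as the Malicious tag) and a placeholder remediation role ARN.

```python
import json

# Tag key/value assumed to be applied by Malware Protection for S3 when tagging is enabled.
MALICIOUS_TAG_KEY = "GuardDutyMalwareScanStatus"
MALICIOUS_TAG_VALUE = "THREATS_FOUND"

# Constructed sample finding (API-style field names); only the fields read below are included.
SAMPLE_FINDING = {
    "Type": "Object:S3/MaliciousFile",
    "Resource": {
        "ResourceType": "S3Object",
        "S3BucketDetails": [{"Name": "example-uploads-bucket"}],
        "S3ObjectDetails": [{
            "ObjectArn": "arn:aws:s3:::example-uploads-bucket/incoming/invoice.pdf",
            "Key": "incoming/invoice.pdf",
            "VersionId": "EXAMPLEVERSIONID",
        }],
    },
}

def extract_s3_objects(finding):
    """Step 1: return (bucket, key, version_id) for every S3ObjectDetails entry."""
    objects = []
    for detail in finding["Resource"].get("S3ObjectDetails", []):
        # ObjectArn has the form arn:aws:s3:::<bucket>/<key>; the key may itself contain "/"
        bucket, key = detail["ObjectArn"].removeprefix("arn:aws:s3:::").split("/", 1)
        objects.append((bucket, key, detail.get("VersionId")))
    return objects

def quarantine_policy(bucket, remediation_role_arn):
    """Step 2: TBAC bucket policy. Any principal except the remediation role is denied
    reading tagged objects and changing their tags (so the tag cannot simply be removed)."""
    condition = {"Condition": {
        "StringEquals": {f"s3:ExistingObjectTag/{MALICIOUS_TAG_KEY}": MALICIOUS_TAG_VALUE},
        "ArnNotEquals": {"aws:PrincipalArn": remediation_role_arn},
    }}
    resource = f"arn:aws:s3:::{bucket}/*"
    return {"Version": "2012-10-17", "Statement": [
        {"Sid": "DenyReadOfTaggedMalware", "Effect": "Deny", "Principal": "*",
         "Action": ["s3:GetObject", "s3:GetObjectVersion"], "Resource": resource, **condition},
        {"Sid": "DenyMalwareTagTampering", "Effect": "Deny", "Principal": "*",
         "Action": ["s3:PutObjectTagging", "s3:DeleteObjectTagging"], "Resource": resource, **condition},
    ]}

if __name__ == "__main__":
    role = "arn:aws:iam::123456789012:role/GuardDutyRemediation"  # placeholder ARN
    for bucket, key, version in extract_s3_objects(SAMPLE_FINDING):
        print(f"Isolating s3://{bucket}/{key} (version {version}) via bucket policy:")
        print(json.dumps(quarantine_policy(bucket, role), indent=2))
```

Applying the generated document with put-bucket-policy replaces the bucket's existing policy, so merge these statements into the current one rather than overwriting it.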