Amazon GuardDuty Malware Protection can now scan Amazon Elastic Block Store (Amazon EBS) volumes that are encrypted with EBS managed keys attached to EC2 instance and container workloads, in addition to unencrypted EBS volumes, and volumes encrypted with AWS KMS customer-managed keys (CMKs). You can now configure automatic malware scanning based on GuardDuty network-based findings, and initiate on-demand malware scans of EBS volumes encrypted with EBS managed keys. When potential malware is identified, GuardDuty generates actionable security findings with information such as the threat and file name, the file path, the Amazon EC2 instance ID, resource tags and, in the case of containers, the container ID and the container image used, helping customers identify and respond to the malware security finding. GuardDuty Malware Protection does not require you to deploy additional security agents or software and is designed to have no performance impact on running workloads
Source:: Amazon AWS