Reporting false positives in Malware Protection for Backup

To improve your experience with GuardDuty Malware Protection for Backup, you may report potential false positives and false negatives.

To initiate the process, contact Support. Use the following steps to provide details about the scanned resource:

Sign in to the AWS Management Console and open the GuardDuty console at https://console.aws.amazon.com/guardduty/.
Choose Malware Scans.
Choose a scan to view its Finding ID.
Provide the Finding ID. You must also provide the SHA-256 hash of the file. This is required to ensure that GuardDuty has received the correct file. Please also provide the region you will provide the sample from.
The Support team will provide you an Amazon Simple Storage Service (Amazon S3) presigned URL that you will use to upload the potentially malicious file and SHA-256 hash. For information about steps to upload the scanned resource, see Uploading objects with presigned URLs in the Amazon S3 User Guide.
After you have uploaded the file, inform the Support team.

The Support will provide an acknowledgment after receiving the file. The GuardDuty service team members will analyze your submission, and take appropriate steps to improve your experience with Malware Protection for EC2. The Support team will continue to provide status updates on your case. GuardDuty keeps your S3 object for no more than 30 days.

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Reporting false positive S3 object scan result

Remediating findings