Malware Scans

You can scan your container images for the presence of malware or any malicious files. During malware scanning, each layer of the image is inspected for known malware signatures or patterns that may indicate the presence of malicious code.

• Malware detection is supported only for the registry sensor.
• The malware scan detects malicious files of only UPX and ELF formats.

Before you begin: Ensure that the registry sensor is deployed with the following argument: --perform-malware-detection. For more information, see Sensor Deployment Guide.

To view the malwares detected for an image, perform the following steps:

1. Go to Assets > Images.
2. To filter out the images for which malwares are detected, use either the search tokens or the filters available in the left pane.
3. Select the image and then View Details from the Quick Actions menu.
4. In the left pane, click Malware.

   The Malware page shows you the malwares detected for your image. You can use the severity filters to filter the malwares.

   

   The various columns on the Malware page are as follows:

   Column	Description
   Layer Hash	The hash value of the image layer in which the malware was found.
   Command	The commands to perform specific malicious actions.
   Prediction	The prediction of whether the file or program is likely to be malicious or benign based on its characteristics and behavior.
   Score	The score assigned to a file or program to indicate the likelihood that it is malicious. A higher score indicates a higher probability of malware presence.
   Severity	The severity of the malware. It indicates the level of impact or harm that the malware can cause. It ranges from 1 to 5, with 5 being the highest.
   Category	The category of the malware based on its behavior and purpose. For example, trojans and dropper.
   Family	The group of malwares that share common characteristics, code similarities, behavior, and origin. For example, Mirai and WannaCry.
   Malicious Files	The malicious files that contain code or instructions to perform malicious actions.

5. In the Malicious Files column, click the count to view the details about the malicious files.