Malware Scans
You can scan your container images for the presence of malware or any malicious files. During malware scanning, each layer of the image is inspected for known malware signatures or patterns that may indicate the presence of malicious code.
- Malware detection is supported only for the registry sensor.
- The malware scan detects malicious files in the UPX and ELF formats only.
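Because the scan covers only ELF and UPX files, it helps to know which files in a layer fall outside that scope. The following is an added example, not the product's detection logic: it inventories one layer tarball by file format. It assumes "UPX" means a UPX-packed ELF binary, recognized heuristically by the `UPX!` marker, and the function names and sample layer are constructed for illustration.

```python
import io
import tarfile

ELF_MAGIC = b"\x7fELF"
UPX_MARKER = b"UPX!"  # marker string UPX leaves in packed binaries (heuristic)

def classify(data: bytes):
    """Return 'upx', 'elf', or None for a file's raw bytes."""
    if not data.startswith(ELF_MAGIC):
        return None
    return "upx" if UPX_MARKER in data else "elf"

def inventory_layer(layer_fileobj):
    """Split the regular files of one layer tarball into in-scope and out-of-scope."""
    in_scope, out_of_scope = {}, []
    with tarfile.open(fileobj=layer_fileobj, mode="r:*") as tar:
        for member in tar:
            if not member.isfile():
                continue  # skip directories, symlinks and device nodes
            data = tar.extractfile(member).read()
            kind = classify(data)
            if kind:
                in_scope[member.name] = kind
            else:
                out_of_scope.append(member.name)
    return in_scope, out_of_scope

def build_sample_layer():
    """Constructed layer: one plain ELF stub, one UPX-marked ELF stub, one script."""
    elf_stub = ELF_MAGIC + b"\x02\x01\x01" + b"\x00" * 57
    files = {
        "usr/bin/tool": elf_stub,
        "tmp/packed": elf_stub + UPX_MARKER + b"\x00" * 16,
        "opt/start.sh": b"#!/bin/sh\necho hello\n",
    }
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, content in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(content)
            tar.addfile(info, io.BytesIO(content))
    buf.seek(0)
    return buf

if __name__ == "__main__":
    scoped, unscoped = inventory_layer(build_sample_layer())
    print("in scope for an ELF/UPX scan:", scoped)
    print("not covered by an ELF/UPX-only scan:", unscoped)
```

Files reported as not covered (scripts, archives, interpreted code) need a separate control, since a malware scan limited to ELF and UPX will not flag them.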
Before you begin: Ensure that the registry sensor is deployed with the following argument: --perform-malware-detection. For more information, see Sensor Deployment Guide.
To view the malware detected for an image, perform the following steps:
- Go to Assets > Images.
- To filter for the images in which malware is detected, use either the search tokens or the filters available in the left pane.
- Select the image and then View Details from the Quick Actions menu.
- In the left pane, click Malware.
The Malware page shows you the malware detected for your image. You can use the severity filters to filter the results.
The various columns on the Malware page are as follows:
| Column | Description |
| --- | --- |
| Layer Hash | The hash value of the image layer in which the malware was found. |
| Command | The commands to perform specific malicious actions. |
| Prediction | The prediction of whether the file or program is likely to be malicious or benign based on its characteristics and behavior. |
| Score | The score assigned to a file or program to indicate the likelihood that it is malicious. A higher score indicates a higher probability of malware presence. |
| Severity | The severity of the malware. It indicates the level of impact or harm that the malware can cause. It ranges from 1 to 5, with 5 being the highest. |
| Category | The category of the malware based on its behavior and purpose. For example, trojan and dropper. |
| Family | The group of malware that shares common characteristics, code similarities, behavior, and origin. For example, Mirai and WannaCry. |
| Malicious Files | The malicious files that contain code or instructions to perform malicious actions. |

- In the Malicious Files column, click the count to view the details about the malicious files.