AWS Security ChangesHomeSearch

AWS guardduty documentation change

Service: guardduty · 2025-06-16 · Documentation low

File: guardduty/latest/ug/malware-protection-auditing-scan-logs.md

Summary

Clarified handling of EC2 instances with marketplace product codes in malware scanning, noting regional variations in support.

Security assessment

The update refines documentation about scanning limitations but does not indicate a security vulnerability being addressed. It provides transparency about feature constraints rather than resolving a security flaw.

Diff

diff --git a/guardduty/latest/ug/malware-protection-auditing-scan-logs.md b/guardduty/latest/ug/malware-protection-auditing-scan-logs.md
index 2695d436c..d7277e161 100644
--- a//guardduty/latest/ug/malware-protection-auditing-scan-logs.md
+++ b//guardduty/latest/ug/malware-protection-auditing-scan-logs.md
@@ -79 +79 @@ Reasons for skipping | Explanation | Proposed steps
-`UNSUPPORTED_PRODUCT_CODE_TYPE` | GuardDuty doesn't support scanning of instances with `productCode` as `marketplace`. For more information, see [Paid AMIs](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/paid-amis.html) in the _Amazon EC2 User Guide_. For information on `productCode`, see [ProductCode](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_ProductCode.html) in the _Amazon EC2 API Reference_.  | Not actionable.  
+`UNSUPPORTED_PRODUCT_CODE_TYPE` | GuardDuty can scan majority of instances with `productCode` as `marketplace`. Some marketplace instances may not be eligible for scanning. GuardDuty will skip such instances and log the reason as `UNSUPPORTED_PRODUCT_CODE_TYPE`. This support varies in AWS GovCloud (US) and China Regions. For more information, see [Region-specific feature availability](./guardduty_regions.html#gd-regional-feature-availability). For more information, see [Paid AMIs](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/paid-amis.html) in the _Amazon EC2 User Guide_. For information on `productCode`, see [ProductCode](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_ProductCode.html) in the _Amazon EC2 API Reference_.  | Not actionable.