AWS Security ChangesHomeSearch

AWS guardduty documentation change

Service: guardduty · 2026-07-01 · Documentation low

File: guardduty/latest/ug/supported-s3-features-malware-protection-s3.md

Summary

Fixed grammar in replication description and added clarification that malware scanning only covers object content (not annotations)

Security assessment

Clarifies scanning scope but doesn't indicate any security vulnerability. The annotation limitation is a feature specification, not a security fix.

Diff

diff --git a/guardduty/latest/ug/supported-s3-features-malware-protection-s3.md b/guardduty/latest/ug/supported-s3-features-malware-protection-s3.md
index 14ebe6b16..57ceec021 100644
--- a//guardduty/latest/ug/supported-s3-features-malware-protection-s3.md
+++ b//guardduty/latest/ug/supported-s3-features-malware-protection-s3.md
@@ -26 +26 @@ S3 versioning |  Yes |  All the uploaded S3 objects are scanned for malware. If
-S3 Replication - scan replicated object |  Yes |  If the destination bucket is a protected resource, then GuardDuty will scan all the S3 objects are replicated to the prefixes that are protected and monitored.  
+S3 Replication - scan replicated object |  Yes |  If the destination bucket is a protected resource, then GuardDuty will scan all the S3 objects that are replicated to the prefixes that are protected and monitored.  
@@ -38,0 +39 @@ S3: Tag-based access control (TBAC) |  Yes |  You can define bucket resource pol
+S3 Annotations |  No |  Malware Protection for S3 scans only the S3 object content.