VMware Workstation

  • 1.  Question about VMware Workstation Pro and malware

    Posted Feb 08, 2024 08:05 AM

    VMware Workstation - Windows 10 x64 with Windows Defender.

    I use the VM mostly to try out software first, to see what it does, whether it is what I was looking for, etc.
    If not, I restore the VM snapshot.

    Software that I am not sure of, I have it always checked by VirusTotal.
    When 1 or 2 very unknown 'vendors' report it to be malicious, but the other -say- 70 vendors report 'undetected', then I install it.

    That said, something that I assume only, but that I have never been 100% sure of...

    In the case of a VM - can malware still cause problems to the host or elsewhere?
    I gathered that, the VM being a separate environment, malware would not cause harm to the host(?)
    However, somewhere I read that it could potentially infect the host as well ...

    IF that would be the case, how to be 100% sure then?

    Thanks!



  • 2.  RE: Question about VMware Workstation Pro and malware

    Posted Feb 08, 2024 02:24 PM

    Hi,

    From a hardening perspective there are a few settings users should know e.g. Preferences>Devices>disable autorun, security considerations for networking and shared folders, security considerations to configure VMware Tools, know the limitations of the virtual hardware version and release notes, etc.

    And there are background activity settings such as snapshots, updates, detach/attach peripheral USB devices, etc.

    The answer below is from Microsoft Edge Copilot. The answer seems curated enough to leave it as is. An even better trained AI bot from VMware e.g. with more insights per virtual hardware version is at least thinkable.

    ---

    VMware Workstation, a popular virtualization software, provides a sandboxed environment for running virtual machines (VMs). Let’s explore its security aspects:

    1. Isolation:

      • VMs are isolated from the host system and each other. Malware executed within a VM theoretically should not affect the underlying host OS.
      • However, this claim is not entirely accurate. While VMs provide strong isolation, there are exceptions:
        • Networked VMs: If VMs share a network with the host, malware with network capabilities (like worms) can propagate across the network.
        • Shared Services: Avoid sharing services (such as file/print sharing) between the host and VMs.
        • Shared Peripherals: VMs should not share peripherals or ports with the host.
        • Storage Covert Channels: Although virtual disks have limits, storage channels could still be exploited.
        • CPU and Memory Subsystem: VMs are secure as long as the CPU and memory subsystem remain protected.
    2. Pwn2Own Security Contest:

    3. Best Practices:

    In summary, while VMware Workstation provides a layer of security, it’s essential to follow best practices and understand that no system is entirely risk-free. Always exercise caution when handling potentially malicious content within VMs.

    ---
    Edited:
    If you've registered your Windows host and Workstation VMs as Azure endpoints, you could make use of compliance findings. As an example, there is a policy called "Ensure anti-malware software and signatures are updated". The antimalware is installed by Azure PowerShell: New-AzConnectedMachineExtension -Name "IaaSAntimalware".
    According to this source, Broadcom antimalware is eligible, too.
    DCasota_6-1707408077967.png




  • 3.  RE: Question about VMware Workstation Pro and malware

    Posted Feb 16, 2024 05:36 AM

    Thank you very much indeed! My VM is connected to Internet only. The only thing that is shared is OneDrive.
    The VM is created with default settings and 2-3 applications (that are also on the host) are installed.
    Nothing special.
    (The Pro version I purchased because of the snapshots)

    Below some VM settings. 

    Given that scenario, I assume the VM (Windows 10 x64 with default MS Defender) is then safe(?)

    SnagIt-16022024 061123.png



  • 4.  RE: Question about VMware Workstation Pro and malware

    Posted Feb 16, 2024 08:07 AM

    Consider the question triangle 'what am I good at?', 'what do I love to do?' and 'what do I get paid for?'.
    The less software you are using, the more you're focussing on how the components work, how they interact and what data is processed.
    You start asking questions about defaults and begin customizing your system.

    The well-known CIA triad refers to Confidentiality, Integrity and Availability.
    On Windows host and guest, consider hardening guides such as
    - https://ncp.nist.gov/checklist/629
    - https://www.cyber.gov.au/sites/default/files/2023-03/PROTECT%20-%20Hardening%20Microsoft%20Windows%2010%20version%2021H1%20Workstations%20%28October%202021%29.pdf

    Consider that a standard Windows 10 setup comes with Microsoft Edge which is known to share by-default more data about users' behavior than necessary. Enable hidden Windows features by using the ViVeTool and consider removing Microsoft Edge.

    In addition, the VMware OS Optimization Tool https://docs.vmware.com/en/VMware-Horizon/2303-and-later/optimization-guide/GUID-E077FBCF-E492-4580-8325-56E77CF8115C.html#GUID-E077FBCF-E492-4580-8325-56E77CF8115C is for VMware Horizon environments, but it helps to get familiar with how to control common options. You might compare the feature list with other tools e.g. https://github.com/HotCakeX/Harden-Windows-Security, https://github.com/hardentools/hardentools, https://github.com/0x6d69636b/windows_hardening.

    Also, see latest docs of Microsoft Defender AV processes and services https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows?view=o365-worldwide

    Workstation APIs allow interacting with the VMware hypervisor and virtual machines. This can be done by using the REST API, the vmrun utility or the UI. These features are built in. Workstation has no built-in monitoring UI of what interacts with the hypervisor and with the VMs. To collect Workstation diagnostic information, see https://kb.vmware.com/s/article/1346.

    'D:\Virtual Machines' added as a OneDrive folder might attract your interest because of potential conflicts between Workstation services and OneDrive services.

    The setup depicted shows that the VMs are eligible to share data using cd/dvd, usb and network.

    Explore your sweet spot at the intersection of the question triangle. Becoming an information security professional, a devops engineer, data scientist, business IT advocate - all is possible given your scenario.
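As an added illustration (not from the thread or from VMware), a small Python audit of a .vmx file for the guest/host sharing paths that posts 2 and 4 bring up: the VMware Tools copy/paste, drag-and-drop and shared-folder (HGFS) channels, USB, CD/DVD and bridged networking. The two .vmx samples are constructed; the keys checked (isolation.tools.*.disable, usb.present, sharedFolder*.present, *.deviceType, *.connectionType) are standard .vmx keys, but which values count as a finding is this example's own assumption.

```python
import re

# Constructed sample .vmx files (not the settings from the thread's screenshots).
SHARING_VMX = """\
ethernet0.present = "TRUE"
ethernet0.connectionType = "bridged"
usb.present = "TRUE"
sata0:1.present = "TRUE"
sata0:1.deviceType = "cdrom-raw"
sharedFolder0.present = "TRUE"
sharedFolder0.hostPath = "D:\\Virtual Machines"
isolation.tools.copy.disable = "FALSE"
"""
HARDENED_VMX = """\
ethernet0.connectionType = "nat"
usb.present = "FALSE"
isolation.tools.copy.disable = "TRUE"
isolation.tools.paste.disable = "TRUE"
isolation.tools.dnd.disable = "TRUE"
isolation.tools.hgfs.disable = "TRUE"
"""

# A .vmx line is `key = "value"`; keys are matched case-insensitively here.
VMX_LINE = re.compile(r'^\s*([^=#\s]+)\s*=\s*"?([^"]*)"?\s*$')

def parse_vmx(text: str) -> dict[str, str]:
    cfg: dict[str, str] = {}
    for line in text.splitlines():
        m = VMX_LINE.match(line)
        if m:
            cfg[m.group(1).lower()] = m.group(2)
    return cfg

def audit_vmx(cfg: dict[str, str]) -> list[str]:
    findings = []
    # Tools channels (copy/paste, drag-and-drop, HGFS shared folders): an unset
    # isolation.tools.*.disable key is assumed to mean the channel is enabled.
    for ch in ("copy", "paste", "dnd", "hgfs"):
        if cfg.get(f"isolation.tools.{ch}.disable", "FALSE").upper() != "TRUE":
            findings.append(f"isolation.tools.{ch}.disable is not TRUE")
    if cfg.get("usb.present", "FALSE").upper() == "TRUE":
        findings.append("usb.present: host USB devices can be attached to the guest")
    for key, val in cfg.items():
        if key.startswith("sharedfolder") and key.endswith(".present") and val.upper() == "TRUE":
            findings.append(f"{key}: a host folder is mapped into the guest")
        elif key.endswith(".devicetype") and "cdrom" in val.lower():
            findings.append(f"{key}: CD/DVD device attached")
        elif key.endswith(".connectiontype") and val.lower() == "bridged":
            findings.append(f"{key}: bridged NIC puts the guest on the host's LAN")
    return findings
```

Run against a real .vmx by reading the file into `parse_vmx`; an empty list from `audit_vmx` means none of the checked sharing paths is open.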