DLP cannot detect files being copied to vmware workstation from host OS to guest OS even when configuring "file application access" on vmware workstation.
This happens when the host machine is windows 10 or 8. Although it is working when the host OS is windows 7.
Any help is appreciated.
Hi @4hm3dh4ny ,
Thank you for writing in here.
Kindly help us with possible screenshots on how you are copying the files from host to guest VM and also share us the screenshots of the rule which you have configured.
Dear Mr. @jsubbura,
Thank your for your response..
- EPO Version: 5.10
- DLP Version: 11.3.2
- The rule of interest: prevent source code from being copied to VMWare.
- I attached screenshots of the configured rules at the end of this reply.
- When configuring the "clipboard" rule, the DLP successfully detects the source code being copied to vmware as "text" (i.e. we open the file copy the text then go to VMWare guest OS and paste the text -> the DLP prevent it).
- When configuring the "file access" rule, the DLP successfully detects the DnD (i.e. the drag-and-drop -> drag the file from the host OS to the guest OS).
- The problem come when we are trying copy the file via C&P (i.e. right click on the file on host OS -> click on copy -> go to guest OS -> right click then choose paste).
Even more details:
- When investigating this case we found that:
- when the Host OS (i.e. the one that we installed VMWare on it) is newer than Windows 7 (e.g. Windows 8.1 or Windows 10), the DLP couldn't detect the sensitive file being copyied from host to guest. Although it detects and prevents the C&P when the Host OS is Windows 7.
- It doesn't matter what the Guest OS is.. I tried even on Windows XP.. so it is related to the Host OS.
- When Investigating the case more closely via API Monitoring tools, we found the the write-to-guest operation is done through "vmware-vmx" executable (i.e. the Virtual Machine Monitor for the opened Virtual Machine) in case of windows 7 as the Host OS.. but in case of any OS newer than Windows 7, we couldn't find the same operation through the "vmware-vmx".
Thank you for your support Mr. @jsubbura .. I really appreciate your help.
Could you please try minimum versions of VMware Workstation 15.1 Pro | 14 May 2019 | Build 13591040 and McAfee® Data Loss Prevention Endpoint (McAfee DLP Endpoint) client build 126.96.36.1992
I hope this could help..
- Updated McAfee DLP Endpoint to (client build 188.8.131.522).
- Tested it with VMware® Workstation 15 Pro latest verion (i.e. 15.5.0 build-14665864).
However the issue still resists and the DLP cannot detect files being copied to vmware workstation from host OS to guest OS.
Hi @4hm3dh4ny ,
Sorry for the delay.
Kindly give me sometime in here to test the scenario below and I would get back to you with the test results.