Thank you for your response.

Is there a way to disable this functionality?

I do not want to allow this access and also do not want the user to be prompted.

Hi,

Not as far as I am aware.

There's a checkbox under menu Fusion -> Preferences -> Network

"Require authentication to enable promiscuous mode"

to disable the popup, but not to disable the functionality.

--

Wil

| Author of Vimalin. The virtual machine Backup app for VMware Fusion, VMware Workstation and Player |
| More info at vimalin.com | Twitter @wilva

I would probably be more concerned with what application is trying to do that rather than disabling it on the host side.

Something in your VM wants promiscuous mode, Fusion's just responding to the request asking your permission, like it should.

Mikero - Exactly.  Is there a way to determine what application made the request?  It would be great if there was a VMware log to look at that would say who / what made the request.

Fusion's virtual hardware won't log the requester, only that it was requested and presented you the dialogue, you'll need to check your guest logs.

To give a comparison, a physical NIC doesn't log anything, it just does what it's told.

How you figure it out tho could go from something simple like:

- use fusion until you get the message

- Examine all running processes in Windows, google anything you don't know about

To something as involved as the following:

- let the operation succeed ('allow' the promiscuous mode to enable)

- Use vmnet-sniffer to capture all the packet data from the host on the vmnet you're using

- analyze the pcap data with wireshark to understand what it's actually doing.

The latter is an exercise in really low level packet analysis and is not for the faint of heart, but if you know what you're doing (or are willing to do the research) it will tell you what's going on with no holds barred.

I don't have any specific answers.  Perhaps there might be useful information in the Windows Event Viewer (eventvwr.exe) at the time that the dialog box appears... the Windows kernel may want to log that an application has requested such privileged access to the network device.  Otherwise, I'd try something like Sysmon, Process Explorer or Handle to identify the culprit.

If you have no network-monitoring application installed in the Windows VM, it could be that some Windows system service is attempting to detect network characteristics or optimize network performance... it would be highly unusual, though.  Another possibility (not that I wish to create panic) is that it might be malware which is attempting to capture network traffic, so make sure that your Windows antivirus/antimalware software is completely up-to-date and have it run a scan.

Cheers,

--

Darius

I had a Windows 7 virtual machine that started popping this up after upgrading to Windows 10. I couldn't figure out why.

So last week I built a new Windows 10 virtual machine completely from scratch.  It started popping up the same message before installing any applications. So, whatever is causing this is is in Windows 10 itself.

One strange thing is that it didn't do it immediately after installing. It started sometime after I allowed Windows to apply updates and started configuring Windows.

For example, one setting was that it defaulted to classifying the local network as Public. After installation I changed it to Private.  Does that mean I've given Windows free license to snoop on the network?

No such link on my VMWare.

Hi,

---

@jamescpa wrote:

No such link on my VMWare.

---

What link are you looking for?
I'm not understanding what you are referring to, can you please enlighten us so we can help?

--
Wil

| Author of Vimalin. The virtual machine Backup app for VMware Fusion, VMware Workstation and Player |
| More info at vimalin.com | Twitter @wilva

So if I select "Cancel", promiscuous mode is denied?