VMware Communities
TanquenETG
Enthusiast

Exploit:JS/CVE-2013-2551.A - On Windows 10 x64.vmdk

Got a Windows 10 Virus & threat protection warning today. Just on one in-use VMDK file.

Seems odd and unlikely, but...


Exploit: JS/CVE-2013-2551.A

Alert level: Severe

Date: 5/12/2022 2:37 PM

Category: Exploit

Details: This program is dangerous and exploits the computer on which it is run.

Affected items: file: X:\Windows 10 x64.vmdk

scott28tt
VMware Employee

Something happened within the Windows 10 guest OS?



-------------------------------------------------------------------------------------------------------------------------------------------------------------

Although I am a VMware employee I contribute to VMware Communities voluntarily (ie. not in any official capacity)
VMware Training & Certification blog
TanquenETG
Enthusiast

Been running fine for weeks and now I've lost everything. The VM was paused and I've not installed anything new just doing data entry. The restore option is not working.

Technogeezer
Immortal

Is this message coming from the Windows host that's running VMware Workstation?

This looks to me like a host AV scan has delivered a false positive on a VMDK file. Not good. It's usually recommended to exclude VMDK files from host AV scans. If you must AV scan a Windows VM, you're better off doing it from AV installed in the VM (using the free Windows Defender AV of Windows 10 or whatever your company decides is their AV of choice).


Is the VMDK in question configured as a single large file or split into multiple files? If it's a single large file and you can't work with the AV vendor to restore the file from quarantine, then you may be out of luck. Especially if the AV has tried to "fix" things, which will corrupt the VM.

If this is a virtual disk that's been split into multiple pieces, then maybe @continuum might have some magic that might get you going again.

I’m assuming you don’t have a backup of this VM?


- Paul (Technogeezer)
Editor of the Unofficial Fusion Companion Guides
TanquenETG
Enthusiast

Yes, from the Windows host that’s running VMware Workstation.

But I have tons of VMs on this workstation and this is the first time I've seen this. 

It is a single large file.

No current backup.

I was able to get it running again. But WTF!? The Protection History restore option gave no feedback, like nothing happened, but after a few tries I was able to run the VM again.

I'm just wondering if Windows Defender was able to parse data files in the VMDK or something else?

Going to run some full scans on them again and in the VM. 

It's really odd as I just copied this VM and the original and many other VMs are fine... or so it seems.

Technogeezer
Immortal

Most AV solutions don’t know how to parse individual files out of a VMDK. They just treat it as a stream of bytes and don’t know things like file system internal structures. Those structures and how files are stored within a file system (e.g. allocation units) can fool the scanners. Whatever was written to that particular VM was enough to trigger Defender into thinking something is funny. Your other VMs may well be fine because the offending pattern match isn’t seen in them. 

If you're going to AV scan VMs, don't do it from the host. Use Defender scans from within the guest. And exclude the VMs from host scanning. You got away relatively easy with the quarantine. If Defender had decided it could fix something for you, your VM may have been corrupted beyond repair.

And, it might be time to implement a backup strategy. Consider this a warning shot across the bow. 

- Paul (Technogeezer)
Editor of the Unofficial Fusion Companion Guides
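As an added example (not posted in this thread), here is the host-side Defender configuration Paul's advice amounts to, in PowerShell run from an elevated prompt on the Windows host: exclude the VMware disk and state files from host scans, verify the exclusions, and list what Defender actually flagged so a VMDK hit can be recognised for what it is. `$VmFolder` and the `vmware-vmx.exe` install path are assumptions; the thread only shows the file X:\Windows 10 x64.vmdk.

```powershell
# Added example, not from the thread. Run in an elevated PowerShell on the host.
# Assumed values: the folder holding the VMs and the Workstation install path.
$VmFolder   = 'X:\VMs'   # placeholder; the thread only names X:\Windows 10 x64.vmdk
$VmxProcess = 'C:\Program Files (x86)\VMware\VMware Workstation\x64\vmware-vmx.exe'  # assumed path

# 1. Exclude VMware virtual-disk and VM state file types from host scanning.
#    vmdk = virtual disk, vmem/vmss/vmsn = suspended-state and snapshot memory,
#    nvram = virtual BIOS, vmx = VM configuration.
Add-MpPreference -ExclusionExtension 'vmdk','vmem','vmss','vmsn','nvram','vmx'

# 2. Also exclude the VM folder and the process that performs the disk I/O,
#    so real-time protection does not inspect writes made on the guest's behalf.
Add-MpPreference -ExclusionPath    $VmFolder
Add-MpPreference -ExclusionProcess $VmxProcess

# 3. Verify the effective exclusion lists.
$pref = Get-MpPreference
"Extensions: $($pref.ExclusionExtension -join ', ')"
"Paths:      $($pref.ExclusionPath -join ', ')"
"Processes:  $($pref.ExclusionProcess -join ', ')"

# 4. Review recent detections: time, threat id, the resource (file) that was
#    hit and whether the remediation action succeeded. A 'file:_X:\...vmdk'
#    resource with a generic exploit signature is the pattern seen in this thread.
Get-MpThreatDetection |
    Sort-Object InitialDetectionTime -Descending |
    Select-Object -First 5 InitialDetectionTime, ThreatID, Resources, ActionSuccess
Get-MpThreat | Select-Object ThreatName, SeverityID

# Scanning the guest itself belongs inside the VM, not on the host, e.g.
# run there:  Start-MpScan -ScanType FullScan
```

Host exclusions remove that coverage for the VM files, so the guest has to carry its own AV, as Paul says above.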
TanquenETG
Enthusiast

It seems like a false positive; I ran a bunch more scans and nothing.

I do backups, just not every day.
