So, I've dug around a bit and can't seem to hunt down this answer entirely. Short version, I'm setting up a VM environment for Malware Analysis. I've done all the network settings to prevent network leaks from guest to host. BUT I have concerns about the VMWare Tools function. It seems to me if I can copy a file from a guest, and post it in my host system, what prevents malware from being capable of using the VMWare tools from doing something similar (aside from the malware not being written to do so), and escaping the guest and landing on my machine? How does VMWare Tools prevent this from happening? Or does it?