In my case Windows Defender found this. Not sure if it's a false positive or not but managed to remove it with Defender and subsequently did 2 more complete scans and seems to be gone now
Program:Win32/Uwasson.A!ml
Affected items:
containerfile: C:\Program Files (x86)\Common Files\VMware\InstallerCache\{F838A98A-9A53-4983-9D1E-134EC757A162}.msi
containerfile: C:\Program Files (x86)\VMware\VMware Workstation\x64\EFI32.ROM
containerfile: C:\Users\username\AppData\Local\VMware\vmware-download-0454\cdstmp_ws-windows_16.1.0_17198959\VMware-workstation-16.1.0-17198959.exe
However, there are 4 folders with this DIFXAPI.dll file in the Temp directory and these files/folders can't be renamed or deleted even with Admin rights:
1. HICD752.tmp.dir
2. OWAA62C.tmp.dir
3. WGIC9A.tmp.dir
4. ZMH98A2.tmp.dir
Seems as if the installer has been compromised?
