VMware Communities
alan019283
Contributor

DANGER - Folders, Files, and Malware leaks from Virtual P.C. can destroy Real P.C.

My real PC runs in C:\ on my primary MBR drive and uses Secondary GPT drive partition E:\ for various purposes.

I was pleased that I was allowed to install VMPlayer 3.14 in E:\VMWare\,

but a little disappointed that it also added 11 folders + sundry contents within C:\.

I notice that it avoids "program files" and "system32" and instead uses the 32 bit counterparts "program files (x86)" and "SysWOW64"

Would performance and safety be better on my x64 Windows Ultimate PC if I could use an x64 VMPlayer?

My complaint is that E:\VMWare\ leaks the contents of the virtual machine Windows 7 contained in E:\VMMachine into my Real P.C.

This may be due to my incorrect use,

BUT I have a very real concern that if VMWare leaks files when my user actions surprise it,

THEN it is unlikely to contain any malware that does the unexpected.

I took note that with Shared Folders Enabled

"This may put your computer and data at risk"

"Only enable if you trust the virtual machine with your data".

For safety I did NOT enable Shared Folders.

I thought that made the Real PC safe, but it fails.

I launched a Virtual Windows Explorer in Virtual Windows 7 resident on the GPT drive at E:\VMMachine

and also launched Real Windows Explorer aiming at E:\Images\ in my real system.

Virtual W.E. selected a file in Virtual Windows and drag-dropped across to Real W.E.,

and a "Copying Files" progress bar appeared at the bottom of the VMPlayer window - below the Virtual Machine window.

Then with Virtual W.E. I selected a folder with its contents and used Ctrl+C to Copy, and then selected Real W.E. and used Ctrl+V to paste,

and again a "Copying Files" progress bar appeared at the bottom of the VMPlayer window - below the Virtual Machine window.

Both Drag-Drop and Ctrl+C/Ctrl+V copied selected contents of GPT E:\VMMachine\ to GPT E:\Images\

but the E:\VMWare also added two new random folders holding interim duplicates to my MBR system at

C:\Users\Alan\AppData\Local\Temp\VMwareDnD\e09a0d94\  and

C:\Users\Alan\AppData\Local\Temp\VMwareDnD\bd67a090\

I found that CCleaner removed this %TEMP% junk immediately when run.

Previously when VMWare saturated C:\ and consumed all free space the %TEMP% junk needed a reboot before removal.

I now guess that previously Windows locked them because they ran out of space and were not completed;

and yet the designated destinations received completion.

The above is a follow-up investigation into a spurious and suspicious *.SYS file that appeared in the root of C:\ at about the time of

http://communities.vmware.com/message/1829329#1829329.

I now use Shared Folders Enabled which seems to avoid the use of C:\...\Temp\

I remain concerned that VMPlayer may find reason other than user error,

to place in its C:\...\Temp\ region some contents of E:\VMMachine and thus unleash malware.

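The staging behaviour described in the post can be checked from the host side. The script below is an added example, not part of the original post and not VMware code: it inventories whatever drag-and-drop or copy-paste left under `%TEMP%\VMwareDnD`, hashing each file and flagging file types worth a closer look. The function names and the `RISKY_EXT` watch-list are assumptions made for this illustration.

```python
import hashlib
import os
import re
import tempfile
from pathlib import Path

# Session folders in the post look like VMwareDnD\e09a0d94 (8 hex digits).
SESSION_RE = re.compile(r"[0-9a-f]{8}", re.IGNORECASE)
# Assumed watch-list: file types worth a closer look when a guest copy leaves them on the host.
RISKY_EXT = {".sys", ".exe", ".dll", ".scr", ".bat", ".cmd", ".ps1", ".vbs", ".lnk"}


def sha256_of(path, chunk=1 << 20):
    """Hash a file in chunks so large staged copies do not fill memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def audit_dnd_staging(root):
    """Return one report per folder under root, listing every file left behind."""
    root = Path(root)
    if not root.is_dir():
        return []
    reports = []
    for session in sorted(p for p in root.iterdir() if p.is_dir()):
        files = []
        for dirpath, _dirs, names in os.walk(session):
            for name in names:
                path = Path(dirpath) / name
                entry = {"path": path.relative_to(session).as_posix(),
                         "risky": path.suffix.lower() in RISKY_EXT}
                try:
                    entry.update(size=path.stat().st_size, sha256=sha256_of(path))
                except OSError:  # locked or removed mid-scan: record it, keep going
                    entry.update(size=None, sha256=None)
                files.append(entry)
        files.sort(key=lambda e: e["path"])
        reports.append({"session": session.name,
                        "hex_name": bool(SESSION_RE.fullmatch(session.name)),
                        "total_bytes": sum(e["size"] or 0 for e in files),
                        "files": files})
    return reports


if __name__ == "__main__":
    # Default location reported in the post: %TEMP%\VMwareDnD on the host.
    for report in audit_dnd_staging(Path(tempfile.gettempdir()) / "VMwareDnD"):
        print(report["session"], report["total_bytes"], "bytes")
        for e in report["files"]:
            print("  ", "RISKY" if e["risky"] else "     ", e["sha256"], e["path"])
```

Running it before any cleanup tool records what guest content reached the host's `C:\` and gives hashes that can be compared against the copies at the intended destination.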