Dear Mr. @jsubbura, 

Thank your for your response..

General details:
- EPO Version: 5.10
- DLP Version: 11.3.2
- The rule of interest: prevent source code from being copied to VMWare.
- I attached screenshots of the configured rules at the end of this reply.

More details:
- When configuring the "clipboard" rule, the DLP successfully detects the source code being copied to vmware as "text" (i.e. we open the file copy the text then go to VMWare guest OS and paste the text -> the DLP prevent it).
- When configuring the "file access" rule, the DLP successfully detects the DnD (i.e. the drag-and-drop -> drag the file from the host OS to the guest OS).
- The problem come when we are trying copy the file via C&P (i.e. right click on the file on host OS -> click on copy -> go to guest OS -> right click then choose paste).

Even more details:
- When investigating this case we found that:
- when the Host OS (i.e. the one that we installed VMWare on it) is newer than Windows 7 (e.g. Windows 8.1 or Windows 10), the DLP couldn't detect the sensitive file being copyied from host to guest. Although it detects and prevents the C&P when the Host OS is Windows 7.
- It doesn't matter what the Guest OS is.. I tried even on Windows XP.. so it is related to the Host OS.
- When Investigating the case more closely via API Monitoring tools, we found the the write-to-guest operation is done through "vmware-vmx" executable (i.e. the Virtual Machine Monitor for the opened Virtual Machine) in case of windows 7 as the Host OS.. but in case of any OS newer than Windows 7, we couldn't find the same operation through the "vmware-vmx".

Thank you for your support Mr. @jsubbura  .. I really appreciate your help.

file access rule 1file access rule 2clipboard rule 1clipboard rule 2

Hi,

Could you please try minimum versions of VMware Workstation 15.1 Pro | 14 May 2019 | Build 13591040 and McAfee® Data Loss Prevention Endpoint (McAfee DLP Endpoint) client build 11.4.0.452 

I hope this could help..

Regards,

Mohammed

Thank you for the response.. I will upgrade the DLP Endpoint and tell you the results.

Dear Mr @mhasanain1 & Mr @jsubbura 

Thank you for your support.. I followed your instructions as follows:

- Updated McAfee DLP Endpoint to (client build 11.4.0.452).

- Tested it with VMware® Workstation 15 Pro latest verion (i.e. 15.5.0 build-14665864).

However the issue still resists and the DLP cannot detect files being copied to vmware workstation from host OS to guest OS.

Dear Mr. @mhasanain1 & Mr. @jsubbura ,

could you please help me regarding this issue.

thank you in advance.

Hi @4hm3dh4ny ,

Sorry for the delay. 

Kindly give me sometime in here to test the scenario below and I would get back to you with the test results.

Thank you.

Dear Mr. @jsubbura ,

thank you for your response.. I will be waiting.. thank you for your help.

Dear Mr. @jsubbura ,

I would really appreciate it if you kindly give me an update on this case.