Question VMware isolation and AV block on Host??


simmerskool

Level 41
Thread author
Verified
Top Poster
Well-known
Apr 16, 2017
3,061
Running the current version VMware Workstation 17... host win10 -- fedora 42 is Guest. Been running fedora many months, no issues. The AV on Host win10 is DeepInstinct. I do allow copy & paste between Host & Guest, but not "drag & drop." I opened firefox in fedora and purchased an item with paypal. During this transaction on Guest fedora, I used my iphone to get two factor authentication code (2fa) for paypal and entered the 6-digit 2fa code into firefox on Guest and it was accepted and transaction completed and order confirmed. All good, but...

Contemporaneously during the transaction I got a Host DeepInstinct blockage alert > C:\Program Files\WindowsApps\Microsoft.YourPhone_1.25032.76.0_x64__8wekyb3d8bbwe\SharedUtilities.QrCodeGenerator.dll

How / why is this possible? I never touched the Host during this transaction. The 2fa code was on my iphone, it never touched the host, I manually typed the 2fa code from keyboard into fedora Guest firefox to verify the paypal payment. How could DeepInstinct on Host even react to my eyeballs reading 2fa code on iphone and typing it into Guest OS? As far as I know, all computers are "clean" and my iphone is not linked to Host win10, never has been. And I maybe get one alert from DeepInstinct every 3 or 4 months, and never got one about QrCodeGenerator.dll before and I was NOT generating a QRcode during the transaction. Seems doubtful it was a coincidence and unrelated to the transaction, but WTF? Is it safe?
 

piquiteco

Level 14
Verified
Top Poster
Well-known
Oct 16, 2022
642
@SeriousHoax Looks like @simmerskool doesn't want to venture into the linux world. I installed Linux Mint next to Windows 11, which I don't usually do, finished the installation and restarted mint and went straight into linux mint and windows 11 disappeared, the windows partitions are there, I assume that Grub must have changed the Windows bootloader and now only enters Linux Mint. I'm not even bothering, that's how we learn how to fix things, that's why it's recommended to use advanced mode and partition manually. :D
 

bazang

Level 14
Jul 3, 2024
666
@SeriousHoax Looks like @simmerskool doesn't want to venture into the linux world. I installed Linux Mint next to Windows 11, which I don't usually do, finished the installation and restarted mint and went straight into linux mint and windows 11 disappeared, the windows partitions are there, I assume that Grub must have changed the Windows bootloader and now only enters Linux Mint. I'm not even bothering, that's how we learn how to fix things, that's why it's recommended to use advanced mode and partition manually. :D
Administrator cmd:
bcdedit /set {bootmgr} displaybootmenu yes
 

simmerskool

good to get the confirmation that DI detection was just a coincidence.
interesting to me that your O&OL appbuster saw and deleted yourphone where mine did not even see it! I have to ask @oldschool if I'm being paranoid. :rolleyes: I'm only 98% convinced it was coincidence, 1% isolation leak, 1% malware or some sort of forced backdoor :cautious:
 

simmerskool

@SeriousHoax Looks like @simmerskool doesn't want to venture into the linux world. I installed Linux Mint next to Windows 11, which I don't usually do, finished the installation and restarted mint and went straight into linux mint and windows 11 disappeared, the windows partitions are there, I assume that Grub must have changed the Windows bootloader and now only enters Linux Mint. I'm not even bothering, that's how we learn how to fix things, that's why it's recommended to use advanced mode and partition manually. :D
:unsure: huh? I am running fedora 42 in VMware (my daily driver for several months), I have until Oct to decide what to run on Host or extend win10 (or buy a new motherboard and cpu & run win11).
 

simmerskool

VMWare Workstation and VirtualBox do not fully isolate the real physical system (Host) from the virtual machine (Guest). At least not by default, anyway.
I noticed this tonight re isolation. Running firefox in VMware fedora 42 guest, I created a URL fav link then after it was saved to the bookmarks toolbar, I edited the fav name to shorten it, all good. A little later I opened firefox in win10 host, went to the web page, clicked the star to create fav link and instead of saving it to the default longer web page name, it had the shortened name created in fedora guest... a WTF moment...?? my firefox does not sync -- or I never manually set it up to sync. one more thing to look into. Host and Guest are on different physical ssd.
 
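An added example, not part of any post in this thread: a small audit of a VM's .vmx text against VMware's guest-isolation keys for copy, paste, drag and drop, and the GUI toggle that lets those be switched back on. The sample .vmx content is constructed to match the setup described in the first post (drag and drop disabled, copy and paste allowed), and a missing key is reported simply because nothing in the file explicitly closes that channel.

```python
import re

# .vmx keys for the host<->guest clipboard and drag-and-drop channels,
# with the value that closes each one.
HARDENED = {
    "isolation.tools.copy.disable": "TRUE",
    "isolation.tools.paste.disable": "TRUE",
    "isolation.tools.dnd.disable": "TRUE",
    "isolation.tools.setGUIOptions.enable": "FALSE",
}

# A .vmx line has the form: key = "value"
_LINE = re.compile(r'^\s*([A-Za-z0-9_.:]+)\s*=\s*"(.*)"\s*$')


def parse_vmx(text):
    """Return {lowercased key: value} from .vmx text; the last duplicate wins."""
    settings = {}
    for line in text.splitlines():
        if line.lstrip().startswith("#"):
            continue  # skip comment lines
        m = _LINE.match(line)
        if m:
            settings[m.group(1).lower()] = m.group(2)
    return settings


def open_channels(text):
    """List (key, found, wanted) for each key that is missing or not hardened."""
    settings = parse_vmx(text)
    findings = []
    for key, wanted in HARDENED.items():
        found = settings.get(key.lower())  # keys compared case-insensitively (a choice made here)
        if found is None or found.upper() != wanted:
            findings.append((key, found, wanted))
    return findings


# Constructed sample: only drag and drop has been disabled.
SAMPLE_VMX = '''\
.encoding = "UTF-8"
displayName = "fedora42"
guestOS = "fedora-64"
isolation.tools.dnd.disable = "TRUE"
'''

if __name__ == "__main__":
    for key, found, wanted in open_channels(SAMPLE_VMX):
        print(f'{key}: found {found!r}, hardened value is "{wanted}"')
```

These keys cover only the clipboard and drag-and-drop channels; they say nothing about network paths or application-level sync between host and guest.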
