Capability to control Data egress to VirtualBox

Products Endpoint Protector Ideas
,
1

What is a one sentence summary of your feature request?

Introduce granular control over data egress to VirtualBox environments, including clipboard, drag-and-drop, and shared folder interactions.

Please describe your idea in detail. What is your problem, why do you feel this idea is the best solution, etc.

Currently, CoSoSys EPP lacks built-in mechanisms to monitor and control data movement between host systems and VirtualBox virtual machines. This creates a potential data exfiltration vector, as users can bypass endpoint controls by transferring files or sensitive data via clipboard copy-paste, drag-and-drop, or VirtualBox shared folders. Adding the ability to control and log these specific data flows would significantly enhance security by extending DLP capabilities into virtual environments. It would also improve workflow efficiency by allowing administrators to fine-tune access rules—enabling trusted actions while blocking or auditing high-risk interactions.

How do you currently solve the challenges you have by not having this feature?

Today, we rely on host-level policies, manual configuration of VirtualBox settings, and user education to limit data transfers, which is difficult to enforce and audit consistently. These workarounds lack the visibility and control needed for comprehensive data loss prevention, particularly in regulated or high-security environments.

1 Like
2

Hi Henrique,

Thank you for submitting this idea!

We are pleased to let you know that this request has been deemed valid. Our Development Team is currently investigating the feasibility of implementing the capability to control data egress to: VirtualBox, VMware Workstation & Player, and VMware Fusion.

Once we have developed an effective solution for that, we will ensure that you are kept informed regarding our future plans.

Regards,
Simona

3

This topic was automatically closed 180 days after the last reply. New replies are no longer allowed.

4

Adding ProductBoard links for further visibility & traceability of the feature:

  1. VirtualBox – https://portal.productboard.com/rqqgx2aos1cf9enrezvrre6a/c/400-implement-capability-to-control-data-egress-to-virtualbox
  2. VMware Workstation & Player – https://portal.productboard.com/rqqgx2aos1cf9enrezvrre6a/c/397-implement-capability-to-control-data-egress-to-vmware-workstation-player
  3. VMware Fusion – https://portal.productboard.com/rqqgx2aos1cf9enrezvrre6a/c/401-implement-capability-to-control-data-egress-to-vmware-fusion


Simona

5

Dear Henrique,

I hope this finds you well!

We’re pleased to announce that Endpoint Protector now provides enhanced visibility into clipboard and file exchanges with Virtual Machines. This feature is included in the latest Netwrix Endpoint Protector 2511 Client & Enforced Encryption Release.

Important Note: For full functional coverage, an upcoming EPP Server 2512 or higher version will be required.

You can read the full release announcement here: https://community.netwrix.com/t/endpoint-protector-2511-client-enforced-encryption-released/117986

We trust this enhancement brings you great value.

Kind Regards,
Simona