by jstarfish 1020 days ago
Makes them easier to exfiltrate too.

Desktop eDLP agents run on the hypervisor and MITM the connection between the endpoint and the destination (and/or monitor the filesystem). But if you don't have the agent on your VM...all the agent sees is an encrypted session passed through the shared adapter.


Correct me if I’m wrong, but isn’t it a bit pointless to worry about data exfiltration when we’re already talking about mounting (and, by extension, sharing) directories?
Not necessarily? I assumed the author was doing this in a work context and passing data between a physical corporate asset and a VM he created within it. It hasn't been exfiltrated until it leaves the corporate network.
I’m using this setup for my own projects but I suppose this setup could work in a work context as well if we’re talking about a work laptop with all of the project files already on it. In that case, I don’t see how spinning up a local VM and serving those files to the host would allow for data exfiltration, unless I’m misunderstanding you.
I am the author. :) I’ve clarified my use case at the top of the article. I’m not connecting to remote VMs or anything of the sort, all of this is happening in a local VM so the data exfiltration point does not seem to apply (unless I misunderstood your point).
More specifically, I’m having trouble seeing the issue with this approach if you’re, say, working on a laptop that has your project files and decide to spin up a local VM, place the files inside it and share them with the host via NFS/Samba/whatever.