Quoted By:
It's called Sandboxing. A quick google search reveals more than a few guides on how to make VMware as "sandbox'd" as possible.
Search for "VMware sandbox", and educate yourself on what a Sandbox environment is, how it works, and it's limitations.
However, generally speaking, at least by my limited understanding and experience of how most malware works; with 0 network communication, the malware would have to be designed to A. know it's in a Virtual Machine, and B. how to perform it's edict within a Virtual Environment, in order to cause harm.
In other words, even vanilla, you'd have some mitigation protection running potentially compromised programs in a VM.
Again, to my understanding of malware behavior.
