diff --git a/Snaffler/SnaffRules/DefaultRules/FileRules/Keep/Infrastructure/VirtualMachines/KeepVMDisksByExtension.toml b/Snaffler/SnaffRules/DefaultRules/FileRules/Keep/Infrastructure/VirtualMachines/KeepVMDisksByExtension.toml
new file mode 100644
index 0000000..7c8384b
--- /dev/null
+++ b/Snaffler/SnaffRules/DefaultRules/FileRules/Keep/Infrastructure/VirtualMachines/KeepVMDisksByExtension.toml
@@ -0,0 +1,14 @@
+[[ClassifierRules]]
+EnumerationScope = "FileEnumeration"
+RuleName = "KeepVMDisksByExtension"
+MatchAction = "Snaffle"
+Description = "Virtual Machine Disks can contain sensitive data or credentials."
+MatchLocation = "FileExtension"
+WordListType = "Exact"
+MatchLength = 0
+WordList = [
+"\\.vmdk",
+"\\.vdi",
+"\\.vhd",
+"\\.vhdx"]
+Triage = "Red"
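Review bot: The `WordList` entries are written as escaped patterns (`"\\.vmdk"`) while `WordListType` is `"Exact"`, and nothing in the file says whether Exact entries are compiled as regexes or compared as literal strings. If the comparison is literal, the leading backslash would keep these entries from ever matching a file extension, so the rule would silently report nothing. Assuming the engine does treat them as patterns, a one-line comment above the list such as `# Entries are regex patterns; the dot is escaped so it matches a literal ".".` would settle that for the next editor. As a style matter, the array would read better with each element indented on its own line, a trailing comma after `"\\.vhdx"`, and the closing `]` on a separate line.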