Breaking out of Air Watch Android Secure Launcher

I have set up an Android Secure Launcher for a customer, within the launcher are two bookmarks which use VMWare browser, the browser has only three white listed sites, the third site is the companies home page.
Two white listed sites have their own profile that is published within the Secure Launcher and shown as bookmarks on the Launcher home page.
This works well.
However when in the Launcher and in VMWBrowser,
if you go to the settings page in VMWare Browser,
then tap About,
then Legal,
then VMWare Privacy Policy
It takes you to a non White listed VMWare page where you can brows all sorts of pages including training, sales and gives the user the ability to fill out forms to contact Sales, even allows you out to a Microsoft site and Youtube .
… Arghhhhhh this breaks all the lock down the whole solution is designed to prevent.

I can also break out by going into settings - privacy.
I can not add as a denied site as this over rides the white listed sites.

AW have confirmed the escape route and is investigating it.