No, everything is transparently proxied over Tor by default. There's no way to disable it from within the Workstation VM. There is an option for stream isolation, but you don't have to worry about that starting out. If that VM is rooted, the attacker can bypass Tor. In the Whonix setup, Tor runs in a separate VM, called the Gateway, so the attacker would have to break out of the VM, which seems to be much harder than rooting an operating system, even Linux. I've always heard it's possible, but I've never seen a single article, blog post or security advisory about it happening in the wild.