I need a way to prevent this process from running.
Are you running Docker or Kubernetes in a virtual machine or something?
Also, if you go to services.msc, right-click the service and find the location it's running from.
SC Query VMMem may find it also.
If not let me know, you should be able to disable the service that runs it.
Please verify if the Hyper-V feature is installed. If so, but you have no VMs, it could be that OS features that rely on virtualization-based security are in use, that you are not aware of.
The checkbox for Hyper-V is empty in my system characteristics.
Please download and open Process Explorer from https://docs.microsoft.com/en-us/sysinternals/downloads/process-explorer and start it using right-click and selecting "Run as administrator". In its list, find and double-click that vmmem and see if in its details on the tab "Image" it says "Parent: vmwp.exe".
More: That check is meant to determine the legitimacy of the process. If you have no Hyper-V installed, it shouldn't be there, after all, unless you are using related technologies.
The image of the Process Explorer output is attached. The checkbox for Hyper-V is not checked in my system characteristics.
I think it is important to note that this problem only started to occur one month ago. I never saw vmmem before that and I have been using Windows 10 since it was first released.
Do you need more information?
Seems to be legitimate.
You would expect to see vmmem whenever a VM is running.
You should investigate what other non-default Windows features are installed on your machine. Maybe "virtualization-based security" is in effect - https://docs.microsoft.com/en-us/windows-hardware/design/device-experiences/oem-vbs
Firstly, let me say that it is obvious to me that you are an accomplished troubleshooter, you have done excellent research and you know what you're talking about.
I have no special security requirements, no non-default Windows features installed and there has been no new software installed during this month.
Correct me if I am wrong but it seems logical, based on the information you have provided, that the presence of vmmem is not legitimate. As there always is, however, there must be a logical explanation. As Sherlock Holmes says, when all of the likely possibilities have been excluded, what remains must be the answer. I think that all possibilities have been excluded, so, what remains is the question.
I am eager to know whether msinfo32 showed that "Virtualization-based security" was active, after all, James.
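
The checks suggested across this thread (Hyper-V feature state, virtualization-based security status as shown in msinfo32, and the parent process of vmmem) can be collected in one read-only pass. This is an added example, not something posted by a participant in the thread; it assumes an elevated PowerShell session on the affected Windows 10 machine, and the list of optional features to query is this example's own choice.

```powershell
# Added example: run from an elevated PowerShell prompt. Read-only, changes no settings.

# 1. Optional features that start the hypervisor (feature list chosen for this example).
$featureNames = 'Microsoft-Hyper-V-All', 'VirtualMachinePlatform', 'HypervisorPlatform',
                'Containers-DisposableClientVM', 'Microsoft-Windows-Subsystem-Linux'
$features = foreach ($name in $featureNames) {
    $f = Get-WindowsOptionalFeature -Online -FeatureName $name -ErrorAction SilentlyContinue
    if ($f) { [pscustomobject]@{ Feature = $f.FeatureName; State = $f.State } }
}

# 2. Is Windows itself currently running on top of a hypervisor?
$hypervisorPresent = (Get-CimInstance -ClassName Win32_ComputerSystem).HypervisorPresent

# 3. Virtualization-based security status (the value msinfo32 displays).
$vbsText = @{ 0 = 'Off'; 1 = 'Enabled, not running'; 2 = 'Running' }
$dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                      -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue
$vbs = if ($dg) { $vbsText[[int]$dg.VirtualizationBasedSecurityStatus] }
       else     { 'Win32_DeviceGuard class not available' }

# 4. vmmem and its parent process (the Process Explorer check: expect vmwp.exe).
$vmmem = foreach ($p in Get-CimInstance Win32_Process -Filter "Name LIKE 'vmmem%'") {
    $parent = Get-CimInstance Win32_Process -Filter "ProcessId = $($p.ParentProcessId)"
    [pscustomobject]@{
        Name         = $p.Name
        Id           = $p.ProcessId
        Parent       = if ($parent) { $parent.Name } else { '(parent exited or not visible)' }
        WorkingSetMB = [math]::Round($p.WorkingSetSize / 1MB)
    }
}

# Report everything together so the results can be pasted into the thread.
'--- Optional features ---';        $features | Format-Table -AutoSize
"Hypervisor present : $hypervisorPresent"
"VBS status         : $vbs"
'--- vmmem processes ---'
if ($vmmem) { $vmmem | Format-Table -AutoSize } else { 'No vmmem process found.' }
```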