Avatar of James Gordon
James Gordon
 asked on

Prevent vmmem from running.

After Windows 10 startup a process called VMMEM runs for approximately 2 minutes, utilizing around 75% of CPU. Aside from the resource intensive nature of this process, what is even more absurd is that I am not running any virtual machine that I am aware of. This problem only started to appear in the past month. Prior to that I have used Windows 10 for 2 years and never saw this process running on my machine. I have searched Google for a way to prevent this to no avail. Although my machine boots in 30 seconds I must wait 2 minutes while nothing useful is happening.

I need a way to prevent this process from running.
Windows 10VirtualizationWindows OS

Avatar of undefined
Last Comment
McKnife

8/22/2022 - Mon
Alex

Are you running docker or Kubernetes in a virtual machine or something??


Also, if you go to services.msc, right click the service and find the location it's running from.


SC Query VMMem may find it also


If not let me know, you should be able to disable the service that runs it.

McKnife

Please verify if the hyper-v feature is installed. If so, but you have no VMs, it could be that OS features that rely on virtualization based security are in use, that you are not aware of.

James Gordon

ASKER
to McKnife,
the checkbox for hyper V is empty in my system characteristics.
This is the best money I have ever spent. I cannot not tell you how many times these folks have saved my bacon. I learn so much from the contributors.
rwheeler23
McKnife

Please download and open process explorer from  https://docs.microsoft.com/en-us/sysinternals/downloads/process-explorer and start it using right click and selecting "run as administrator". In its list, find and double click that vmmem and see if in its details on the tab "image" it says "Parent: vmwp.exe".

McKnife

More: That check is meant to determine the legitimacy of the process. If you have no hyper-v installed, it shouldn't be there, after all, unless you are using related technologies.

James Gordon

ASKER
To McKnife
the image of process Explorer output is attached. The checkbox for hyper V is not checked in my system characteristics.
I think it is important to note that this problem only started to occur one month ago. I never saw vmmem before that and I have been using Windows 10 since it was 1st released.
Do you need more information?
Thanks, JamesCaptured Image of process info
⚡ FREE TRIAL OFFER
Try out a week of full access for free.
Find out why thousands trust the EE community with their toughest problems.
McKnife

Seems to be legitimate.

You would expect to see vmmem whenever a VM is running.


You should investigate what other non-default windows features are installed on your machine. Maybe "virtualization based security" is in effect -  https://docs.microsoft.com/en-us/windows-hardware/design/device-experiences/oem-vbs

James Gordon

ASKER
None of the advanced information provided by the link you sent applies to my system. As I said, this started happening one month ago.
Firstly, let me say that it is obvious to me that you are an accomplished troubleshooter, you have done excellent research and you know what you're talking about.

I have no special security requirements, no non´-default Windows features installed and there has been  no new software installed during this month.

Correct me If I am wrong but it seems logical, based on the information you have provided, that the presence of vmmem is not legitimate. As there always is. however, there must be a logical explanation. As Sherlock Holmes says, when all of the likely possibilities have been excluded, what remains must be the answer. I think that all possibilities have been excluded, so, what remains is the question.

James
ASKER CERTIFIED SOLUTION
McKnife

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
GET A PERSONALIZED SOLUTION
Ask your own question & get feedback from real experts
Find out why thousands trust the EE community with their toughest problems.
James Gordon

ASKER
Thank you, McKnife.
Experts Exchange has (a) saved my job multiple times, (b) saved me hours, days, and even weeks of work, and often (c) makes me look like a superhero! This place is MAGIC!
Walt Forbes
McKnife

I am eager to know whether msinfo32 showed that " Virtualization-based security" was active, after all, James.