Resolved: Excessive Persistent VMMEM CPU Utilization

Resolution: Uninstall Windows Defender Application Guard UWP and Server.

I recently ran into an issue where every time I started my work Windows 10 laptop the fan would kick on high. Glancing quickly at Task Manager, I could always see VMMEM and vmwp.exe (Virtual Machine Worker Process) chugging away and eating the CPU and battery.

[Screenshot: Process Explorer (Sysinternals) process list sorted by CPU, with vmmem and vmwp.exe near the top alongside Teams.exe]

What is VMMEM?

The vmmem process is a virtual process that the system synthesizes to represent the memory and CPU resources consumed by your virtual machines. In other words, if you see vmmem consuming a lot of memory and CPU resources, then that means your virtual machines are consuming a lot of memory and CPU resources.

From <https://devblogs.microsoft.com/oldnewthing/20180717-00/?p=99265>

Virtual Machines Running?
[Screenshot: PowerShell terminal running get-vm; every listed IEDemo virtual machine shows State Off]

Very odd, as I have ZERO Hyper-V machines running.

Windows Sandbox?

Hmm perhaps it is Windows Sandbox?

  1. appwiz.cpl
  2. Turn Windows Features On and Off (upper left)
  3. Windows Sandbox

Nope, that is disabled as well.

[Screenshot: Windows Features dialog ("Turn Windows features on or off") showing the entries around Windows Sandbox, including Virtual Machine Platform, Windows Defender Application Guard and Windows Hypervisor Platform]

Well what is causing the issue? Hmm maybe it is a performance issue?

Maybe I am having a Performance Issue?

Side Note: reporting on counters is easy but not very good at root cause. See day job.

  1. Admin CMD prompt
  2. perfmon /report

Hmm, looks like I have a bad service. MSDTC is failed. Well, that could cause some memory issues and VMMEM is perhaps related. Let's fix that. What you are supposed to do is dig through the Event Viewer (great PowerShell queries exist for that)… or you could try the oldest trick in the book!

https://support.microsoft.com/en-us/help/916926/you-may-receive-error-code-1073737712-when-you-try-to-start-the-distri

Fix:

msdtc -resetlog

Cool well I fixed something that was broken. That’s nice. Still have the high process usage.

Nuclear Option – Hard core root cause

Shut down the Hyper-V service

Net stop vmcompute

[Screenshot: Hyper-V Host Compute Service Properties (Local Computer), General tab, service status Running]

This will tell you all dependent processes.

Oh look VMMEM utilization is at dead stop! What is the root cause?

Windows Defender Application Guard

Overview of WDAG: https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-guard/wd-app-guard-overview

Hardware isolation diagram
[Screenshot: Windows Features dialog ("Turn Windows features on or off") showing the Windows Defender Application Guard entry]

Turning this off required a reboot and did resolve the VMMEM process running at startup.
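
The manual checks above (get-vm, Windows Features, vmcompute) collected into one read-only PowerShell pass, as an added example that is not part of the original post. It assumes an elevated prompt on Windows 10; the `*ApplicationGuard*` package wildcard is an assumption, since the post names the Store app only by its title.

```powershell
# Added example: read-only triage of what can keep a hypervisor-backed
# utility VM (shown as vmmem / vmwp.exe) running. Run from an elevated prompt.

# Optional features that start VMs or containers on the Hyper-V stack.
$featureNames = @(
    'Microsoft-Hyper-V-All',              # Hyper-V
    'Containers-DisposableClientVM',      # Windows Sandbox
    'Windows-Defender-ApplicationGuard',  # WDAG
    'VirtualMachinePlatform',
    'HypervisorPlatform'
)
$features = foreach ($name in $featureNames) {
    Get-WindowsOptionalFeature -Online -FeatureName $name -ErrorAction SilentlyContinue |
        Select-Object FeatureName, State
}
$features | Format-Table -AutoSize

# Host Compute Service: the service stopped with "net stop vmcompute" in the post,
# followed by the services that depend on it.
Get-Service -Name vmcompute -ErrorAction SilentlyContinue |
    Select-Object Name, Status, StartType | Format-Table -AutoSize
Get-Service -Name vmcompute -DependentServices -ErrorAction SilentlyContinue |
    Select-Object Name, Status | Format-Table -AutoSize

# Hyper-V VMs that are actually running (the post found none).
if (Get-Command Get-VM -ErrorAction SilentlyContinue) {
    Get-VM | Where-Object State -eq 'Running' | Select-Object Name, State, CPUUsage
}

# Containers and utility VMs created through the Host Compute Service are not
# listed by Get-VM; hcsdiag lists them when the tool is present.
if (Get-Command hcsdiag.exe -ErrorAction SilentlyContinue) {
    hcsdiag.exe list
}

# Worker processes backing whatever is running right now.
Get-Process -Name vmwp -ErrorAction SilentlyContinue |
    Select-Object Id, CPU, StartTime | Format-Table -AutoSize

# Store apps related to Application Guard (wildcard is an assumption, see lead-in).
Get-AppxPackage -Name '*ApplicationGuard*' | Select-Object Name, Version

# Flag the combination the post ended up with: WDAG enabled, no Hyper-V VM running.
$wdag = $features | Where-Object FeatureName -eq 'Windows-Defender-ApplicationGuard'
if ($wdag -and $wdag.State -eq 'Enabled') {
    Write-Output 'Windows-Defender-ApplicationGuard is enabled.'
}
```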

Next up. Why?

Looks like it was a UWP application

Windows Defender Application Guard Companion – https://www.microsoft.com/en-us/p/windows-defender-application-guard-companion/9n8gnlc8z9c8?activetab=pivot:overviewtab

[Screenshot: Microsoft Store page for Windows Defender Application Guard Companion (Microsoft Corporation, Security > PC protection), marked "This product is installed." Store description: "Windows Defender Application Guard helps protect your device from advanced attacks by opening untrusted websites in an isolated Microsoft Edge browsing window."]

Another interesting thread

https://answers.microsoft.com/en-us/edge/forum/edge_other-edge_win10/windows-defender-application-guard-fails-to-load/fec9111c-e795-4a7b-b22b-bbe7f2a84d22?auth=1

Summary

Windows Defender Application Guard (WDAG) was absolutely the root cause. However, just disabling is only the first part of research. Anyone know a way to enable the feature without the CPU and battery drain?
