smep_capcom.sys
SMEP-bypass variant of the Capcom anti-cheat driver
smep_capcom.sys is a variant in the lineage of capcom.sysDrivercapcom.sysAnti-cheat driver from Street Fighter V (2016)Open plate →, the driver Capcom shipped with the 2016 PC release of Street Fighter V as part of its anti-cheat. The base capcom.sys is the security community's textbook example of a bring-your-own-vulnerable-driver target: a legitimately signed game driver that exposed a feature to run code with kernel privileges, disclosed by the researcher TheWack0lian in 2016 and corroborated by Kaspersky's Securelist. The 'smep_capcom' name refers to the driver's ability to disable SMEP, a CPU-level protection; the mechanism is intentionally not described here.
This specific variant is catalogued in the public LOLDrivers list alongside the original, which is curated separately in this guide. Microsoft's Vulnerable Driver Blocklist denies the Capcom-family driver on modern Windows.
Its presence is not part of normal gameplay today. On a current system, a Capcom-family driver loading most often means it was placed there deliberately rather than as part of a routine install, and that warrants a look.
smep_capcom.sys is listed as a known-vulnerable driver on the public LOLDrivers project. One distinct binary hash matching this filename is on record.
Status data comes from the public LOLDrivers project, a community-curated registry of drivers known to be vulnerable or malicious. The snapshot Vera uses was refreshed July 10, 2026. CVE links go to the NIST National Vulnerability Database.
Vera Project. “smep_capcom.sys.” Vera Field Guide (Driver). The Vera Project. https://www.veraproject.xyz/field-guide/drivers/smep-capcom-sys
