Дело в том, что эта смета дропает никем не подписанный ехе-шник, который пытается выполнить инжект в другой процесс, это запрещено.
Надо настроить превентивную защиту.
328311/ProgramData/Doctor Web/Logs$ grep -B2 -A4 deny dwservice.log |tail -n 40
--
id: 6469, timestamp: 09:34:49.836, type: PsInject (43), flags: 1 (wait: 1), cid: 5064/4588:\Device\HarddiskVolume3\SMETA50\TMP\r2A99759B.exe
source context: start addr: 0x4d34c4, image: 0x400000:\Device\HarddiskVolume3\SMETA50\TMP\r2A99759B.exe
hips: type: 18, action: deny [5]
inject: WriteMemory [1], target process: \Device\HarddiskVolume3\SMETA50\smeta50.exe:4352
fileinfo: size: 3188736, easize: 39, attr: 0x20, buildtime: 20.02.2009 17:28:17.000, ctime: 01.09.2017 09:33:46.866, atime: 01.09.2017 09:33:46.866, mtime: 01.09.2017 09:33:46.881, descr: , ver: , company: , oname:
hash: ef84fe61b353356fd84f4b4ebee2ecc39fbd94f0 status: unsigned, pe32, new_pe / unsigned / unknown
id: 6469 ==> undefined [1], time: 22.779640 ms
--
id: 6470, timestamp: 09:34:49.859, type: PsInject (43), flags: 1 (wait: 1), cid: 5064/4588:\Device\HarddiskVolume3\SMETA50\TMP\r2A99759B.exe
source context: start addr: 0x4d34c4, image: 0x400000:\Device\HarddiskVolume3\SMETA50\TMP\r2A99759B.exe
hips: type: 18, action: deny [5]
inject: WriteMemory [1], target process: \Device\HarddiskVolume3\SMETA50\smeta50.exe:4352
fileinfo: size: 3188736, easize: 39, attr: 0x20, buildtime: 20.02.2009 17:28:17.000, ctime: 01.09.2017 09:33:46.866, atime: 01.09.2017 09:33:46.866, mtime: 01.09.2017 09:33:46.881, descr: , ver: , company: , oname:
hash: ef84fe61b353356fd84f4b4ebee2ecc39fbd94f0 status: unsigned, pe32, new_pe / unsigned / unknown
id: 6470 ==> undefined [1], time: 20.451928 ms
--
id: 6471, timestamp: 09:34:49.880, type: PsInject (43), flags: 1 (wait: 1), cid: 5064/4588:\Device\HarddiskVolume3\SMETA50\TMP\r2A99759B.exe
source context: start addr: 0x4d34c4, image: 0x400000:\Device\HarddiskVolume3\SMETA50\TMP\r2A99759B.exe
hips: type: 18, action: deny [5]
inject: WriteMemory [1], target process: \Device\HarddiskVolume3\SMETA50\smeta50.exe:4352
fileinfo: size: 3188736, easize: 39, attr: 0x20, buildtime: 20.02.2009 17:28:17.000, ctime: 01.09.2017 09:33:46.866, atime: 01.09.2017 09:33:46.866, mtime: 01.09.2017 09:33:46.881, descr: , ver: , company: , oname:
hash: ef84fe61b353356fd84f4b4ebee2ecc39fbd94f0 status: unsigned, pe32, new_pe / unsigned / unknown
id: 6471 ==> undefined [1], time: 23.175089 ms
--
id: 6472, timestamp: 09:34:49.903, type: PsInject (43), flags: 1 (wait: 1), cid: 5064/4588:\Device\HarddiskVolume3\SMETA50\TMP\r2A99759B.exe
source context: start addr: 0x4d34c4, image: 0x400000:\Device\HarddiskVolume3\SMETA50\TMP\r2A99759B.exe
hips: type: 18, action: deny [5]
inject: WriteMemory [1], target process: \Device\HarddiskVolume3\SMETA50\smeta50.exe:4352
fileinfo: size: 3188736, easize: 39, attr: 0x20, buildtime: 20.02.2009 17:28:17.000, ctime: 01.09.2017 09:33:46.866, atime: 01.09.2017 09:33:46.866, mtime: 01.09.2017 09:33:46.881, descr: , ver: , company: , oname:
hash: ef84fe61b353356fd84f4b4ebee2ecc39fbd94f0 status: unsigned, pe32, new_pe / unsigned / unknown
id: 6472 ==> undefined [1], time: 29.972877 ms
--
id: 6473, timestamp: 09:34:49.934, type: PsInject (43), flags: 1 (wait: 1), cid: 5064/4588:\Device\HarddiskVolume3\SMETA50\TMP\r2A99759B.exe
source context: start addr: 0x4d34c4, image: 0x400000:\Device\HarddiskVolume3\SMETA50\TMP\r2A99759B.exe
hips: type: 18, action: deny [5]
inject: WriteMemory [1], target process: \Device\HarddiskVolume3\SMETA50\smeta50.exe:4352
fileinfo: size: 3188736, easize: 39, attr: 0x20, buildtime: 20.02.2009 17:28:17.000, ctime: 01.09.2017 09:33:46.866, atime: 01.09.2017 09:33:46.866, mtime: 01.09.2017 09:33:46.881, descr: , ver: , company: , oname:
hash: ef84fe61b353356fd84f4b4ebee2ecc39fbd94f0 status: unsigned, pe32, new_pe / unsigned / unknown
id: 6473 ==> undefined [1], time: 26.977431 ms