After seeing John's post I initially thought he was answering in jest, but after some quick poking around on one of my lab systems it looks like he is not.
There is no legitimate process or program with anything approaching that name included in R80.20, so the process shouldn't be there. Perhaps it is part of some kind of Threat Prevention update that my lab system does not have (hence the "mal" part of the name) but the question of how the program got onto that system needs to be answered, specifically as to whether it was placed there by an authorized user or an unauthorized one. Good luck.
Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com