This is a very good question.
As far as I can see it, this easyhook is http://easyhook.github.io/, which in their own words is used to "...extend (via hooking) unmanaged code APIs..."
In the NPrinting 17 case, this is used to instrument the desktop version of Qlikview.EXE which is opened by the NPrinting 17 so-called "Engine" service in session 0 (which shouldn't have interactive programs opened at all to begin with).
What's very unclear to me: To my knowledge this "hooking" is mainly used by viruses to record keystrokes or do other harmful things. Why does Qlik have to use it at all? Don't they own the sources to Qlikview, and couldn't they develop something less suspicious looking?
Furthermore I wouldn't call Qlikview "unmanaged code", or is it?
Finally I'm not sure how secure this whole scenario is - can this "Easyhook" service be used by others to do less desirable things?
It would be great to hear from Qlik what's it all about with NPrinting 17 and security.
PS: Additionally this hooking thing seems to slow down stuff to a crawl. Compared to NPrinting 16, reload times are horrible in our installation using real-life data!