For Linux computers, besides the actual users, there are also multiple users created by the system. Depending on the distributions, the list of users can include root, 65534 and lightdm.
Based on the system processes running at any given time on the computer, besides the real user, any of the system users can become active. The Endpoint Protector Client is not identifying the users on its own but instead, it interrogates a system library for the detection process. It is that system library that returns the active user at that moment. The subsequent information is displayed in the UI.
We are constantly making improvements in Endpoint Protector so please ensure you are using the latest server and client versions to take full advantage of the features and enhancements.