The second group of reports in SCEP focuses entirely on the users, which falls in line with Microsoft's mantra of focusing on users within SCCM 2012 as a whole. While the overall user focus provides for things, such as customized application delivery in the rest of SCCM, focus on users in SCEP allows you to monitor your problem children.
Every organization has them; the user that will happily open any attachment and fears no website on the Internet. The good news is that SCEP empowers you to monitor for repeat offenders, regardless what system they may be using.
To complete this recipe, you will need to be using an account that has at least the SCEP administrator role granted to it. You will also need to ensure that you've enabled Active Directory Users discovery in SCCM and that it has completed the discovery at least once before following this recipe.
Follow these steps:
MonitoringOverviewReportingReportsEndpoint Protection
and right-click on Top Users By Threats, and click on Run.As SCEP collects a rich dataset for any malware event that has been detected, it is aware of any user who was logged in at that time. Possessing this information will allow you to identify patterns of behavior that expose your network to risk. That said, it is possible for many types of malware (such as a worm) to show up in a malware report for a computer that a given user was logged into, without the user having done anything.