The PDQ Deploy user or PDQ Inventory scan user is showing as the currently logged on user on a computer.
When PDQ Deploy\Inventory runs a deployment\scan on a computer, it will do a network logon to it and create a temporary service to run the process. This temporary service, if it's run with a domain account, it will authenticate to a domain controller and create a logon event from the computer, since the account logs on as a service.
Once the deployment\scan is finished, there is a cleanup process that deletes the temporary service and logs out of the computers.
Most web filters\firewalls that integrate with Active Directory, determine who is logged onto a computer by looking at the logon events on the domain controllers. Unfortunately, they don't take logout events into consideration, this means the latest logon event superseded the previous ones.
To resolve this, you will need to look at your web filters\firewalls Active Directory integration settings to specify "service accounts" to exclude from the logged-on user to computer mapping. This will prevent the PDQ Deploy\Inventory user logon event from superseding the end-user logon event.