BCAAA detects NT AUTHORITY\ANONYMOUS LOGON accounts

Article ID: 165391

Updated On:

Products

ProxySG Software - SGOS

Issue/Introduction

You see the NT AUTHORITY\ANONYMOUS LOGON username in the access logs.

You see NT AUTHORITY\ANONYMOUS LOGON in the policy trace.

Resolution

BCAAA reports the anonymous user when it finds a NULL SMB session. This is the correct behavior, because NULL sessions use anonymous credentials.

This problem can be fixed by adding NT AUTHORITY\ANONYMOUS LOGON to the [SSOServiceUsers] section of sso.ini. This causes BCAAA to ignore NULL sessions. BCAAA must be restarted after applying the changes.
 

From:
[SSOServiceUsers]
; Standard Windows service users
NetShowServices

To:
[SSOServiceUsers]
; Standard Windows service users
NetShowServices
NT AUTHORITY\ANONYMOUS LOGON

 

Note: Make sure there are no spaces or blank characters after NT AUTHORITY\ANONYMOUS LOGON on the last line of the "To:" example above.
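
The following PowerShell check is an added example, not part of the original article or of BCAAA: it reads sso.ini text, looks for the NT AUTHORITY\ANONYMOUS LOGON entry inside [SSOServiceUsers], and flags trailing whitespace after it. The function name Test-SsoServiceUsers, the sample lines, and the file path placeholder are assumptions made for illustration.

```powershell
# Added example (not from the article): validate the [SSOServiceUsers] section.
# Test-SsoServiceUsers is a hypothetical helper name.
function Test-SsoServiceUsers {
    param(
        [string[]] $Lines,
        [string]   $Entry = 'NT AUTHORITY\ANONYMOUS LOGON'
    )
    $inSection = $false
    $findings  = @()
    for ($i = 0; $i -lt $Lines.Count; $i++) {
        $line = $Lines[$i]
        # A "[Name]" line opens a section; remember whether it is ours.
        if ($line -match '^\s*\[(.+?)\]\s*$') {
            $inSection = ($Matches[1] -eq 'SSOServiceUsers')
            continue
        }
        if (-not $inSection) { continue }
        # Ignore blank lines and ";" comments inside the section.
        if ($line -match '^\s*(;.*)?$') { continue }
        if ($line.Trim() -eq $Entry) {
            $findings += [pscustomobject]@{
                LineNumber         = $i + 1
                # True when spaces, tabs or other blanks follow the entry.
                TrailingWhitespace = ($line.Length -ne $line.TrimEnd().Length)
            }
        }
    }
    return $findings
}

# Constructed sample: the "To:" block from this article with two trailing
# spaces deliberately appended to the last entry.
$sample = @(
    '[SSOServiceUsers]',
    '; Standard Windows service users',
    'NetShowServices',
    'NT AUTHORITY\ANONYMOUS LOGON  '
)
# For a real file: Test-SsoServiceUsers -Lines (Get-Content '<path to sso.ini>')
$result = @(Test-SsoServiceUsers -Lines $sample)
if ($result.Count -eq 0) {
    Write-Output 'NT AUTHORITY\ANONYMOUS LOGON is not listed in [SSOServiceUsers].'
}
foreach ($r in $result) {
    if ($r.TrailingWhitespace) {
        Write-Output "Line $($r.LineNumber): trailing whitespace after the entry; remove it and restart BCAAA."
    } else {
        Write-Output "Line $($r.LineNumber): entry is present with no trailing whitespace."
    }
}
```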