Issue was fixed. Now we can see the Username and the Target URL on which the infected document was uploaded to.
The solution include the following two tasks, which have to be executed on each Webfrontend:
- Grant FullControl for the IIS_IUSRS Group on the Reg-Key: HKLM\SOFTWARE\Wow6432Node\McAfee\McAfee PortalShield\trace
- Grant "Local Launch" permission for IIS_USRS Group on DCOM Object PSPickerx64Srv