"Debug mode enabled" rule is reporting tcpdump as enabled

We are getting occasional issues based on tcpdump enabled where the local engineer insists that tcpdump was not running at the time. The last issue was triggered at 4 AM, which is most likely a time when no one was actively working on the respective device.

The issue is triggered when the ind identifies that a tcpdump process is in the output of “ps aux”.

Does Check Point have a process that might run tcpdump automatically?
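An added example, not part of the original post and not the rule's own code: one way to pull the context out of `ps aux` output when a tcpdump alert fires, so the process can be attributed by user, start time and controlling terminal (a TTY of `?` means it was not started from an interactive session). The sample output and the function name `find_tcpdump` are constructed for illustration.

```python
import os

# Constructed sample of `ps aux` output (not taken from a real device).
SAMPLE_PS_AUX = """\
USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
admin     4312  0.0  0.1  12345  2345 pts/0    S+   10:02   0:00 tcpdump -nni eth0 host 192.0.2.10
admin     4400  0.0  0.0   4321   812 pts/1    S+   10:03   0:00 grep tcpdump
admin     4410  0.0  0.0   9000  1500 pts/1    S+   10:03   0:00 vi /var/log/tcpdump_notes.txt
admin     9921  0.0  0.1  12345  2345 ?        S    04:00   0:00 /usr/sbin/tcpdump -i eth1 -w /var/tmp/cap.pcap
"""


def find_tcpdump(ps_output):
    """Return one record per process whose executable is tcpdump.

    Matching on the basename of argv[0] avoids flagging lines that only
    mention "tcpdump" in an argument (grep, an editor on a log file).
    """
    hits = []
    for line in ps_output.splitlines()[1:]:          # skip the header row
        fields = line.split(None, 10)                # COMMAND keeps its spaces
        if len(fields) < 11:
            continue                                 # malformed or truncated line
        command = fields[10]
        argv = command.split()
        if not argv or os.path.basename(argv[0]) != "tcpdump":
            continue
        hits.append({
            "user": fields[0],
            "pid": int(fields[1]),
            "tty": fields[6],
            "start": fields[8],
            "has_tty": fields[6] != "?",             # False: not an interactive shell
            "command": command,
        })
    return hits


if __name__ == "__main__":
    for hit in find_tcpdump(SAMPLE_PS_AUX):
        origin = "interactive session" if hit["has_tty"] else "no controlling terminal"
        print(f'{hit["start"]} pid={hit["pid"]} user={hit["user"]} ({origin}): {hit["command"]}')
```

Keeping the full command line and start time with each alert makes it possible to compare the capture arguments against what engineers normally type and against scheduled jobs.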