We are getting occasional issues based on tcpdump enabled where the local engineer insists that tcpdump was not running at the time. The last issue was triggered at 4 AM which is most likely a time where no one was actively working on the respective device.
The issue is triggered when the ind identifies a tcpdump process is in the output of “ps aux”.
Does Checkpoint have a process that might run tcpdump automatically?