Restricting Remote Packet Capture

Zscaler Client Connector uses the Npcap library to perform packet capture for troubleshooting.

Enabling Digital Experience Monitoring installs Npcap.

When users run Zscaler Client Connector with Npcap functionality enabled, they can make packet capture tools available in user space, which allows non-administrators to perform packet capture. This could elevate a user's access during a packet capture session and give them unauthorized access. You can limit packet capture to administrators only by enabling Restrict Remote Packet Capture.

If Npcap is already installed, Zscaler Client Connector uses the registry setting to restrict remote packet capture to administrators only.

To limit packet capture to administrators only:

  1. In the Admin Portal, go to Infrastructure > Connectors > Client > User Privacy.
  2. On the User Privacy tab, enable Restrict Remote Packet Capture.
  3. Click Save.
