diff --git a/caos.ansible_roles/roles/assert_privileged_caps/tasks/check_Linux.yaml b/caos.ansible_roles/roles/assert_privileged_caps/tasks/check_Linux.yaml
index b457186..cdbdb08 100644
--- a/caos.ansible_roles/roles/assert_privileged_caps/tasks/check_Linux.yaml
+++ b/caos.ansible_roles/roles/assert_privileged_caps/tasks/check_Linux.yaml
@@ -14,4 +14,10 @@
       - getcap.stdout is search(item)
   loop: "{{ caps }}"
 
+- name: fail if caps are found and were not expected
+  fail:
+    msg: "caps were not expected"
+  when:
+    - caps | length  == 0 and getcap.stdout != ""
+
 ...