diff --git a/rules/falco_rules.yaml b/rules/falco_rules.yaml
index 765962bf..5cd36c4c 100644
--- a/rules/falco_rules.yaml
+++ b/rules/falco_rules.yaml
@@ -892,6 +892,7 @@
 desc: an attempt to write to any file below a set of binary directories
 condition: >
 bin_dir and evt.dir = < and open_write
+ and not package_mgmt_procs
 and not exe_running_docker_save
 and not python_running_get_pip
 and not python_running_ms_oms
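Review bot: The added `and not package_mgmt_procs` clause exempts every write below the binary directories by anything that macro matches, and the macro's definition is outside this hunk; if it keys on the process name alone, this rule no longer reports a process that merely carries a package-manager name. I would scope the exemption to where the noise comes from, for example `and not (package_mgmt_procs and container.id = host)` if the false positives are host package upgrades, since a package manager replacing binaries inside a running container is usually worth an alert. A short comment above the `condition:` key (not inside the folded scalar, where it would become part of the condition), such as `# package managers legitimately replace binaries during install/upgrade; exemption is by macro match only`, would record the blind spot for whoever tunes the rule later. The rule's name, output and priority lines lie outside the hunk.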