diff --git a/rules/falco_rules.yaml b/rules/falco_rules.yaml
index ffa218f8..9d8fb6a8 100644
--- a/rules/falco_rules.yaml
+++ b/rules/falco_rules.yaml
@@ -440,7 +440,7 @@
                           qualys-cloud-ag, locales.postins, nomachine_binaries)
     and not proc.pname in (sysdigcloud_binaries, sendmail_config_binaries, hddtemp.postins)
     and not fd.name pmatch (safe_etc_dirs)
-    and not fd.name in (/etc/container_environment.sh, /etc/container_environment.json)
+    and not fd.name in (/etc/container_environment.sh, /etc/container_environment.json, /etc/motd, /etc/motd.svc)
     and not ansible_running_python
     and not python_running_denyhosts
     and not fluentd_writing_conf_files