diff --git a/rules/falco_rules.yaml b/rules/falco_rules.yaml
index 0a70c8a1..77a18716 100644
--- a/rules/falco_rules.yaml
+++ b/rules/falco_rules.yaml
@@ -3105,11 +3105,14 @@
 - macro: mount_info
   condition: (proc.args="" or proc.args intersects ("-V", "-l", "-h"))
-- macro: user_known_mount_in_privileged_containers
+- macro: known_gke_mount_in_privileged_containers
   condition: (k8s.ns.name = kube-system and container.image.repository = gke.gcr.io/gcp-compute-persistent-disk-csi-driver)
+- macro: user_known_mount_in_privileged_containers
+  condition: (never_true)
+
 - rule: Mount Launched in Privileged Container
   desc: Detect file system mount happened inside a privileged container which might lead to container escape.
   condition: >
@@ -3117,6 +3120,7 @@
     and container.privileged=true
     and proc.name=mount
     and not mount_info
+    and not known_gke_mount_in_privileged_containers
     and not user_known_mount_in_privileged_containers
   output: Mount was executed inside a privileged container (user=%user.name user_loginuid=%user.loginuid command=%proc.cmdline %container.info image=%container.image.repository:%container.image.tag)
   priority: WARNING
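Review bot: Resetting `user_known_mount_in_privileged_containers` to `(never_true)` and moving the GKE CSI-driver match into `known_gke_mount_in_privileged_containers` means a deployment that previously redefined the user macro to drop the GKE exemption now silently keeps it, because the exemption is wired into the rule through a macro that the page never documents as overridable. Add a comment above the new macro, e.g. `# Built-in exception for the GKE persistent-disk CSI driver; override this macro (not user_known_mount_in_privileged_containers) to remove or narrow it.` The match keys only on `k8s.ns.name` and `container.image.repository`, so any image pulled under that repository name in kube-system is exempt regardless of tag or digest; stating that in the same comment tells operators what the exception actually trusts.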
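Review bot: The added `and not known_gke_mount_in_privileged_containers` term hard-wires a vendor exemption into the rule, yet `desc` still reads as if every mount in a privileged container is detected; extend it with something like `… (mounts by the GKE PD CSI driver in kube-system are exempted by default via known_gke_mount_in_privileged_containers)`. Do not put the explanation as a `#` line inside the condition: the value is a folded block scalar (`condition: >`), so a line starting with `#` there becomes part of the condition text rather than a YAML comment. The condition expression begins before this hunk, so its first term is not visible here.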