diff --git a/rules/falco_rules.yaml b/rules/falco_rules.yaml
index 57cc6bbe..ddb53513 100644
--- a/rules/falco_rules.yaml
+++ b/rules/falco_rules.yaml
@@ -580,6 +580,9 @@
 condition: (proc.cmdline startswith "bash -hB /usr/lib/plesk-9.0/services/webserver.apache configure"
 and fd.name="/etc/apache2/apache2.conf.tmp")
 
+- macro: plesk_running_mktemp
+ condition: (proc.name=mktemp and proc.aname[3] in (plesk_binaries))
+
 - macro: networkmanager_writing_resolv_conf
 condition: proc.aname[2]=nm-dispatcher and fd.name=/etc/resolv.conf
 
@@ -628,6 +631,7 @@
 and not git_writing_nssdb
 and not plesk_writing_keys
 and not plesk_install_writing_apache_conf
+ and not plesk_running_mktemp
 and not networkmanager_writing_resolv_conf
 and not run_by_chef
 and not add_shell_writing_shells_tmp
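Review bot: The new `plesk_running_mktemp` macro in the first hunk is not tied to any file path, so once the second hunk adds `and not plesk_running_mktemp` the rule stops alerting on every write made by a process named `mktemp` whose third ancestor is in `plesk_binaries`. The neighbouring `plesk_install_writing_apache_conf` macro pins `fd.name`; the same narrowing here would limit the exception to the temp files Plesk actually creates, e.g. `condition: (proc.name=mktemp and proc.aname[3] in (plesk_binaries) and fd.name startswith <PLESK_TEMP_PREFIX>)`, with the placeholder replaced by the path seen in the false positive. Both `proc.name` and `proc.aname[3]` match on process names at a fixed depth only, so a comment above the macro stating which alert it silences and why depth 3 was chosen would let later reviewers judge whether the exception is still justified. The rule edited by the second hunk starts outside the hunk, so that it is a file-write rule is inferred from the surrounding exceptions.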