diff --git a/rules/falco_rules.yaml b/rules/falco_rules.yaml
index c94b167c..10fecd00 100644
--- a/rules/falco_rules.yaml
+++ b/rules/falco_rules.yaml
@@ -2814,7 +2814,6 @@
 
 - macro: trusted_images_query_miner_domain_dns
   condition: (container.image.repository in (docker.io/falcosecurity/falco, falcosecurity/falco, public.ecr.aws/falcosecurity/falco))
-  append: false
 
 # The rule is disabled by default.
 # Note: falco will send DNS request to resolve miner pool domain which may trigger alerts in your environment.