diff --git a/rules/falco_rules.yaml b/rules/falco_rules.yaml
index 389d4ed7..472d17b0 100644
--- a/rules/falco_rules.yaml
+++ b/rules/falco_rules.yaml
@@ -722,7 +722,7 @@
   items: [
     iptables, ps, lsb_release, check-new-relea, dumpe2fs, accounts-daemon, sshd,
     vsftpd, systemd, mysql_install_d, psql, screen, debconf-show, sa-update,
-    pam-auth-update, /usr/sbin/spamd
+    pam-auth-update, /usr/sbin/spamd, polkit-agent-he
     ]
 
 # Add conditions to this macro (probably in a separate file,