diff --git a/rules/falco_rules.yaml b/rules/falco_rules.yaml
index 66c46cda..f7a2af84 100644
--- a/rules/falco_rules.yaml
+++ b/rules/falco_rules.yaml
@@ -792,7 +792,8 @@
 timeout, updatedb.findut, adclient, systemd-udevd, luajit, uwsgi, cfn-signal, apache_control_, beam.smp, paster, postfix-local, nginx_control, mailmng-service, web_statistic_e, statistics_coll, install-info,
- hawkular-metric, rhsmcertd-worke, parted, amuled, fluentd
+ hawkular-metric, rhsmcertd-worke, parted, amuled, fluentd, x2gormforward,
+ parallels_insta
 ]
 - rule: Run shell untrusted
@@ -1049,7 +1050,7 @@
 erl_child_setup, erlexec, ceph, PM2, pycompile, py3compile, hhvm, npm, serf, runsv, supervisord, varnishd, crond, logrotate, timeout, tini, xrdb, xfce4-session, weave, logdna-agent, bundle, configure, luajit, nginx,
- beam.smp, paster, postfix-local, hawkular-metric, fluentd)
+ beam.smp, paster, postfix-local, hawkular-metric, fluentd, x2gormforward)
 and not trusted_containers and not shell_spawning_containers and not parent_java_running_echo
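Review bot: The two entries added to the list that closes just before `- rule: Run shell untrusted` are bare process names, so the exemption covers any process that reports that name, not only the binaries presumably intended; the same holds for `x2gormforward` in the second hunk. `parallels_insta` also looks like a name cut at the 15-character comm limit, in which case it matches every program whose name begins with that string. If these parents always run from a fixed path or with a recognisable command line, a dedicated macro that checks that in addition to the name would keep the exception narrow. A comment such as `# x2gormforward, parallels_insta: <why these legitimately spawn shells>` next to the list would record the justification. The list header and the condition that consumes it lie outside the hunk, so the field being compared is not visible here.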
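Review bot: Only `x2gormforward` is added to the parenthesised exclusion in the second hunk, while the first hunk adds `parallels_insta` as well, and nothing on the page says whether that difference is deliberate. If it is (the surrounding `and not trusted_containers` clauses suggest this condition is container-scoped, where the installer may never run), a comment on the rule such as `# parallels_insta intentionally not exempted here: <reason>` would stop a later edit from "syncing" the two lists and widening the exception. The condition starts and ends outside the hunk.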