diff --git a/rules/falco_rules.yaml b/rules/falco_rules.yaml
index 1683390c..6cf69ca4 100644
--- a/rules/falco_rules.yaml
+++ b/rules/falco_rules.yaml
@@ -504,7 +504,8 @@
 - macro: run_by_passenger_agent
 condition: ((proc.pname=ruby and proc.aname[2]=PassengerAgent) or
- proc.pcmdline startswith "ruby /usr/share/passenger/helper-scripts/rack-preloader.rb")
+ proc.pcmdline startswith "ruby /usr/share/passenger/helper-scripts/rack-preloader.rb" or
+ proc.pcmdline startswith "ruby /usr/local/bundle/bin/passenger")
 # Also handles running semi-indirectly via scl
 - macro: run_by_foreman
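Review bot: The added clause `proc.pcmdline startswith "ruby /usr/local/bundle/bin/passenger"` is a bare prefix match, so it also covers any parent command line that merely begins with that string, such as a differently named script in the same directory. Every rule that uses `run_by_passenger_agent` as an exception would then stay silent for those processes; the rules that consume the macro are outside this hunk. Unlike the existing `/usr/share/passenger/...` path, `/usr/local/bundle` looks like a gem install directory that the application user may be able to write to, which would make this exception weaker; please confirm for the images this targets. If Passenger is always started with a subcommand, terminating the prefix would tighten the match: `proc.pcmdline startswith "ruby /usr/local/bundle/bin/passenger ")`. A one-line comment above the macro stating which deployment the `/usr/local/bundle` path covers would record why it is trusted.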