diff --git a/detection/privesc/unexpected-privilege-escalation.sql b/detection/privesc/unexpected-privilege-escalation.sql
index 8d14db1..2cbf35c 100644
--- a/detection/privesc/unexpected-privilege-escalation.sql
+++ b/detection/privesc/unexpected-privilege-escalation.sql
@@ -53,3 +53,7 @@ WHERE
 p.name = 'fusermount3'
 AND parent_path = '/usr/lib/xdg-document-portal'
 )
+ AND NOT (
+ p.name = 'pkexec'
+ AND parent_path = '/usr/bin/update-notifier'
+ )
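Review bot: The added exclusion keys only on `p.name = 'pkexec'` and `parent_path = '/usr/bin/update-notifier'`, so every pkexec launch under that parent is suppressed regardless of what pkexec is asked to run. update-notifier presumably runs in the user's session rather than as a privileged service, so the parent path alone is a weak trust anchor for a privilege-escalation detection. If the query exposes the child's command line (not visible in this hunk), consider pinning it as well, e.g. `AND p.cmdline LIKE '<observed pkexec command line>'`, with the value taken from the alert that motivated the exception. A one-line comment above the clause, such as `-- <distro/package>: update-notifier launches pkexec for <observed action>`, would record why the exception exists. The WHERE clause begins outside the hunk, so how `parent_path` is derived could not be checked here.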