diff --git a/rules/windows/process_creation/win_netsh_port_fwd.yml b/rules/windows/process_creation/win_netsh_port_fwd.yml index 3ea432aeb..41751f51d 100644 --- a/rules/windows/process_creation/win_netsh_port_fwd.yml +++ b/rules/windows/process_creation/win_netsh_port_fwd.yml @@ -34,4 +34,5 @@ detection: condition: selection1 or selection2 falsepositives: - Legitimate administration + - WSL2 network bridge PowerShell script used for WSL/Kubernetes/Docker (e.g. https://github.com/microsoft/WSL/issues/4150#issuecomment-504209723) level: medium
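Review bot: The added falsepositives line under `- Legitimate administration` embeds a full GitHub issue URL inside the free-text entry, which makes the entry hard to read in rule listings and alert context. Consider shortening it to something like `- WSL2 network bridge PowerShell script (WSL/Kubernetes/Docker)` and moving the link to the rule's `references` list. Also note that `condition: selection1 or selection2` and `level: medium` are unchanged, so this script will still raise a medium alert: the entry documents the noise but does not reduce it. If the WSL2 case is common enough to mention, it would help triage to say in the entry what distinguishes it from malicious port forwarding, or to add a filter in a follow-up. Since this is the only hunk in the diff, any `modified` date in the rule header is left untouched and should be updated if the file has one.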