diff --git a/rules/macos/process_creation/proc_creation_macos_system_network_discovery.yml b/rules/macos/process_creation/proc_creation_macos_system_network_discovery.yml
index 6f37c4a0e..32242df97 100644
--- a/rules/macos/process_creation/proc_creation_macos_system_network_discovery.yml
+++ b/rules/macos/process_creation/proc_creation_macos_system_network_discovery.yml
@@ -18,7 +18,7 @@ detection:
 Image|endswith:
 - '/netstat'
 - '/ifconfig'
- - '/usr/libexec/ApplicationFirewall/socketfilterfw'
+ - '/socketfilterfw'
 - '/networksetup'
 - '/arp'
 selection2:
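Review bot: The new `- '/socketfilterfw'` entry in the `Image|endswith` list changes detection logic, but this diff shows no matching metadata update; if the rule has a `modified:` date, it should be bumped in the same commit so consumers can tell the logic changed. The suffix now matches an executable named `socketfilterfw` in any directory, not only under `/usr/libexec/ApplicationFirewall/`. That is consistent with the neighbouring entries but widens the match, so the intent is worth recording in a `falsepositives` entry or a comment such as `# basename match: telemetry may report the binary under a different path`. The enclosing selection starts above the hunk and the `condition` is not visible, so how this list combines with `selection2` cannot be checked from here.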