diff --git a/rules/macos/persistence_loginwindow_plist_modification.toml b/rules/macos/persistence_loginwindow_plist_modification.toml
index de9b092b1..31e1f9d45 100644
--- a/rules/macos/persistence_loginwindow_plist_modification.toml
+++ b/rules/macos/persistence_loginwindow_plist_modification.toml
@@ -1,7 +1,7 @@
 [metadata]
 creation_date = "2021/01/21"
 maturity = "production"
-updated_date = "2021/05/10"
+updated_date = "2022/07/26"
 
 [rule]
 author = ["Elastic"]
@@ -28,7 +28,8 @@ type = "query"
 query = '''
 event.category:"file" and not event.type:"deletion" and
  file.name:"com.apple.loginwindow.plist" and
- process.name:(* and not (systemmigrationd or DesktopServicesHelper or diskmanagementd or rsync or launchd or cfprefsd or xpcproxy or ManagedClient or MCXCompositor))
+ process.name:(* and not (systemmigrationd or DesktopServicesHelper or diskmanagementd or rsync or launchd or cfprefsd or xpcproxy or ManagedClient or MCXCompositor or backupd or "iMazing Profile Editor"
+))
 '''