diff --git a/rules/macos/defense_evasion_attempt_del_quarantine_attrib.toml b/rules/macos/defense_evasion_attempt_del_quarantine_attrib.toml
index df4655ad2..501f4a77d 100644
--- a/rules/macos/defense_evasion_attempt_del_quarantine_attrib.toml
+++ b/rules/macos/defense_evasion_attempt_del_quarantine_attrib.toml
@@ -1,7 +1,7 @@
 [metadata]
 creation_date = "2020/08/14"
 maturity = "production"
-updated_date = "2022/03/31"
+updated_date = "2022/07/18"
 [rule]
 author = ["Elastic"]
@@ -42,6 +42,9 @@ process where event.type in ("start", "process_started") and
 "/bin/sh -c xattr -c *"
 )
 )
+ ) and not process.args : ( "/Applications/Google Chrome.app", "/Applications/Microsoft Edge.app"
 )
 '''
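Review bot: The exclusion added on the `) and not process.args : (` line is keyed only on an argument value, so any quarantine-clearing command line that carries `/Applications/Google Chrome.app` or `/Applications/Microsoft Edge.app` among its arguments is suppressed, regardless of what else the same invocation clears. If the intent is to tolerate the browsers' own update routines, the carve-out would be narrower if it were also anchored on the invoking process, e.g. `process.parent.executable` limited to the updater binary, instead of the target path alone. Nothing in the hunk records why the exclusion was introduced; a `false_positives` entry or a sentence in the rule's `note`, if the rule has those fields, naming the updater behaviour being excluded would let a later maintainer judge whether it is still warranted. The query's opening line appears only in the hunk header, so the parenthesis nesting of the new line cannot be verified from this excerpt.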