diff --git a/rules/macos/defense_evasion_privacy_controls_tcc_database_modification.toml b/rules/macos/defense_evasion_privacy_controls_tcc_database_modification.toml
index 38750e8c3..be7c89412 100644
--- a/rules/macos/defense_evasion_privacy_controls_tcc_database_modification.toml
+++ b/rules/macos/defense_evasion_privacy_controls_tcc_database_modification.toml
@@ -1,7 +1,7 @@
 [metadata]
 creation_date = "2020/12/23"
 maturity = "production"
-updated_date = "2022/03/31"
+updated_date = "2022/07/18"
 
 [rule]
 author = ["Elastic"]
@@ -33,7 +33,8 @@ type = "eql"
 query = '''
 process where event.type in ("start", "process_started") and process.name : "sqlite*" and
- process.args : "/*/Application Support/com.apple.TCC/TCC.db"
+ process.args : "/*/Application Support/com.apple.TCC/TCC.db" and
+ not process.parent.executable : "/Library/Bitdefender/AVP/product/bin/*"
 '''
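Review bot: The new exclusion `not process.parent.executable : "/Library/Bitdefender/AVP/product/bin/*"` on the last added line of the query whitelists by parent path alone, so any process launched from that directory — including a binary an attacker with root privileges has staged there, which is the same privilege level needed to touch TCC.db in the first place — can run sqlite against TCC.db without firing the rule. Tightening the exception to require the parent's signature as well as its path, e.g. `not (process.parent.executable : "/Library/Bitdefender/AVP/product/bin/*" and process.parent.code_signature.trusted == true)`, closes that path-squatting hole, provided the endpoint data source populates `process.parent.code_signature.*` on macOS, which I cannot confirm from this hunk. The reason for the vendor exception should also be recorded in the rule's `false_positives` or `note` field so a later reviewer does not remove or silently widen it. The hunk's trailing context lines after `'''` are not visible here, so I am assuming nothing beyond the query changed.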