diff --git a/rules/falco_rules.yaml b/rules/falco_rules.yaml
index 3809a3143f8..97e484329b9 100644
--- a/rules/falco_rules.yaml
+++ b/rules/falco_rules.yaml
@@ -2235,7 +2235,7 @@
  condition: >
  evt.type=setuid and evt.dir=>
  and (known_user_in_container or not container)
- and not user.name=root
+ and not (user.name=root or user.uid=0)
  and not somebody_becoming_themself
  and not proc.name in (known_setuid_binaries, userexec_binaries, mail_binaries, docker_binaries, nomachine_binaries)
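Review bot: The new `user.uid=0` exclusion on the `+` line is not explained anywhere in the hunk, and the reason it is needed alongside `user.name=root` (presumably that the name lookup can fail for uid 0 inside a container whose image has no matching passwd entry, so a name-only check lets those setuid events through) should be recorded next to the rule. Because `condition:` is a YAML folded block scalar, a `#` line inside it would become part of the condition text rather than a comment, so put the explanation above the key, e.g. `# uid 0 is matched explicitly: user.name may not resolve to "root" inside containers`. The rule's `desc` field, which lies outside the hunk, should probably mention the uid-based exclusion as well. Note also that a uid-0 account whose name is not `root` is now excluded where it previously would have alerted; that is consistent with ignoring setuid calls that drop privileges from root, but stating it makes the widened exception clearly deliberate.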