diff --git a/audit.rules b/audit.rules
index 2e12f0e..c975080 100644
--- a/audit.rules
+++ b/audit.rules
@@ -436,6 +436,16 @@
 -w /usr/bin/zstd -p x -k Data_Compressed
 -w /usr/local/bin/zstd -p x -k Data_Compressed
 
+### https://upx.github.io/
+-a always,exit -F arch=b32 -F path=/usr/bin/upx-ucl -F perm=x -F key=Data_Compressed
+-a always,exit -F arch=b64 -F path=/usr/bin/upx-ucl -F perm=x -F key=Data_Compressed
+
+-a always,exit -F arch=b32 -F path=/usr/sbin/upx-ucl -F perm=x -F key=Data_Compressed
+-a always,exit -F arch=b64 -F path=/usr/sbin/upx-ucl -F perm=x -F key=Data_Compressed
+
+-a always,exit -F arch=b32 -F path=/usr/local/bin/upx-ucl -F perm=x -F key=Data_Compressed
+-a always,exit -F arch=b64 -F path=/usr/local/bin/upx-ucl -F perm=x -F key=Data_Compressed
+
 ### https://www.rkeene.org/oss/dact
 -a always,exit -F arch=b32 -F path=/usr/bin/dact -F perm=x -F key=Data_Compressed
 -a always,exit -F arch=b64 -F path=/usr/bin/dact -F perm=x -F key=Data_Compressed
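Review bot: The new watches cover only the `upx-ucl` name, so execution of the packer under its upstream name `upx` is not recorded by these rules. `upx-ucl` looks like the Debian/Ubuntu packaging name, where `upx` is typically an alternatives symlink; other distributions appear to install the binary directly as `/usr/bin/upx`, and whether a `path=` watch on the target also fires for execution through a symlink should be confirmed on a test host. Consider adding the pair `-a always,exit -F arch=b32 -F path=/usr/bin/upx -F perm=x -F key=Data_Compressed` and its `arch=b64` twin, plus the `/usr/local/bin` equivalents. Since UPX packs executables rather than archiving data, a short comment above the block saying why it shares the `Data_Compressed` key would help whoever triages these events.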