diff --git a/clusters/k8s-avroid-office.prod.local/namespaces/avroid-prod/security/trivy-operator/argocd-apps-trivy-operator-network-policy.yaml b/clusters/k8s-avroid-office.prod.local/namespaces/avroid-prod/security/trivy-operator/argocd-apps-trivy-operator-network-policy.yaml
index 8608948..1a05aff 100644
--- a/clusters/k8s-avroid-office.prod.local/namespaces/avroid-prod/security/trivy-operator/argocd-apps-trivy-operator-network-policy.yaml
+++ b/clusters/k8s-avroid-office.prod.local/namespaces/avroid-prod/security/trivy-operator/argocd-apps-trivy-operator-network-policy.yaml
@@ -17,6 +17,8 @@ spec:
 - namespaceSelector:
 matchLabels:
 kubernetes.io/metadata.name: ingress-nginx
+ # https://aquasecurity.github.io/trivy-operator/v0.23.0/getting-started/installation/troubleshooting/#installing-the-operator-in-a-namespace-with-default-deny-all-egressingress-network-policies
+
 ---
 apiVersion: networking.k8s.io/v1
 kind: NetworkPolicy
@@ -31,12 +33,22 @@ spec:
 - Egress
 ingress: []
 egress:
+ # https://aquasecurity.github.io/trivy-operator/v0.23.0/getting-started/installation/troubleshooting/#installing-the-operator-in-a-namespace-with-default-deny-all-egressingress-network-policies
 - ports:
+ - port: 53
+ protocol: TCP
+ - port: 53
+ protocol: UDP
 - port: 443
 protocol: TCP
- - port: 80
+ - port: 4954
 protocol: TCP
 to:
+ - namespaceSelector: matchLabels: kubernetes.io/metadata.name: kube-system
 - podSelector:
 matchLabels:
 app.kubernetes.io/name: trivy
+ - ipBlock: cidr: 172.24.0.1/32
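Review bot: The single egress rule in the second hunk opens every listed port to every listed peer — `ports` and `to` in one rule form a cross product — so 443 and 4954 are also allowed to every pod in `kube-system`, and 53 to the trivy pod and to 172.24.0.1/32, which is presumably wider than the linked troubleshooting steps need. Splitting it into one rule per destination keeps each port bound to its purpose, and the DNS rule could add a `podSelector` for the DNS pods (commonly labelled `k8s-app: kube-dns`, to be confirmed for this cluster) instead of the bare namespace. The `ipBlock` entry carries no comment saying what 172.24.0.1 is; if it is the `kubernetes` service ClusterIP, note that some CNIs evaluate egress policy only after kube-proxy has DNAT'd the ClusterIP to the API server endpoint, in which case this entry never matches and the endpoint address must be listed instead — a comment such as `# 172.24.0.1/32: kubernetes API service IP (TODO confirm; see DNAT caveat)` would record the intent. The policy's `metadata` and `podSelector` lie above the hunk.
```yaml
  egress:
    # https://aquasecurity.github.io/trivy-operator/v0.23.0/getting-started/installation/troubleshooting/#installing-the-operator-in-a-namespace-with-default-deny-all-egressingress-network-policies
    # DNS only; consider narrowing with a podSelector for the DNS pods
    - ports:
        - port: 53
          protocol: TCP
        - port: 53
          protocol: UDP
      to:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: kube-system
    # trivy server
    - ports:
        - port: 4954
          protocol: TCP
      to:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: trivy
    # 172.24.0.1/32: TODO document what this address is
    - ports:
        - port: 443
          protocol: TCP
      to:
        - ipBlock:
            cidr: 172.24.0.1/32
```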