diff --git a/pkg/pe/parser.go b/pkg/pe/parser.go
index 462b73c08..32b381bb8 100644
--- a/pkg/pe/parser.go
+++ b/pkg/pe/parser.go
@@ -407,6 +407,12 @@ func parse(path string, data []byte, options ...Option) (*PE, error) {
 // driver samples may not contain an import directory, but section names may
 // reveal the PE is a kernel driver.
 func (pe *PE) isDriver() bool {
+	// Prevent false positives such as ntdll.dll
+	// because it has the PAGE section which is
+	// driver-typical
+	if pe.IsDLL {
+		return false
+	}
 	// DIRECTORY_ENTRY_IMPORT may exist, although it may be empty.
 	// If it imports from "ntoskrnl.exe" or other kernel components it should
 	// be a driver.
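Review bot: The early `if pe.IsDLL { return false }` at the top of isDriver also short-circuits the import-based check that the following comment describes ("If it imports from ntoskrnl.exe ... it should be a driver"), even though the false positive the new comment names comes only from the PAGE section-name heuristic. If `IsDLL` mirrors the IMAGE_FILE_DLL characteristic (it presumably does; the field is not shown here), that flag is attacker-controlled and is also legitimately set on some kernel-mode images that import from ntoskrnl.exe, so a driver that sets it would now be classified as non-driver. Suggest applying the guard only before the section-name fallback and letting a kernel import win regardless of the flag, e.g. keep the import check first and then `if pe.IsDLL { return false }` immediately before the section-name heuristic. The guard's comment should also say which heuristic it is suppressing, e.g. `// Only the section-name heuristic is skipped for DLLs; a kernel import still classifies as a driver.` The body of isDriver continues outside this hunk, so the exact placement depends on code not visible here.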