diff --git a/parser/libapparmor_re/aare_rules.cc b/parser/libapparmor_re/aare_rules.cc
index 6892b70a7..96b46e16a 100644
--- a/parser/libapparmor_re/aare_rules.cc
+++ b/parser/libapparmor_re/aare_rules.cc
@@ -265,11 +265,7 @@ CHFA *aare_rules::create_chfa(int *min_match_len,
 * information supported by the backed
 */
 if (!extended_perms ||
- // TODO: we should drop DFA_MINIMIZE check here but doing
- // so changes behavior. Do as a separate patch and fixup
- // tests, etc.
- ((opts.control & CONTROL_DFA_FILTER_DENY) &&
- (opts.control & CONTROL_DFA_MINIMIZE)))
+ ((opts.control & CONTROL_DFA_FILTER_DENY)))
 dfa.apply_and_clear_deny();

 if (opts.control & CONTROL_DFA_MINIMIZE) {
diff --git a/parser/parser_common.c b/parser/parser_common.c
index ceb513449..b9f171423 100644
--- a/parser/parser_common.c
+++ b/parser/parser_common.c
@@ -110,7 +110,12 @@ FILE *ofile = NULL;
 IncludeCache_t *g_includecache;

 optflags parseopts = {
- .control = (optflags_t)(CONTROL_DFA_TREE_NORMAL | CONTROL_DFA_TREE_SIMPLE | CONTROL_DFA_MINIMIZE | CONTROL_DFA_DIFF_ENCODE | CONTROL_RULE_MERGE),
+ .control = (optflags_t)(CONTROL_DFA_TREE_NORMAL | CONTROL_DFA_TREE_SIMPLE | CONTROL_DFA_MINIMIZE | CONTROL_DFA_DIFF_ENCODE | CONTROL_RULE_MERGE |
+ /* TODO: remove when we have better auto
+ * selection on when/which explicit denies
+ * to remove
+ */
+ CONTROL_DFA_FILTER_DENY),
 .dump = 0,
 .warn = DEFAULT_WARNINGS,
 .Werror = 0
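Review bot: The new condition in create_chfa() makes apply_and_clear_deny() run whenever CONTROL_DFA_FILTER_DENY is set, including on unminimized builds, yet nothing near the `if` documents that second trigger. The removed TODO warned that dropping the CONTROL_DFA_MINIMIZE check changes behaviour and needs test fixups, and no test changes are visible in this part of the diff. The block comment above the `if` starts outside the hunk and, as far as it is visible, only covers the `!extended_perms` case; I would add a line such as `* Also done when deny filtering (CONTROL_DFA_FILTER_DENY) is requested.` The doubled parentheses left over from the removed `&&` can go too: `if (!extended_perms || (opts.control & CONTROL_DFA_FILTER_DENY))`.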
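Review bot: Adding CONTROL_DFA_FILTER_DENY to the default `parseopts.control` means that, with the relaxed condition in aare_rules.cc, a default compile now calls apply_and_clear_deny() even when extended perms are available. Judging by the function name only (its body is not in this diff), explicit deny entries would then no longer be carried into the compiled DFA unless the user clears the flag. Before shipping this as the default, it is worth confirming that nothing consuming the policy needs to tell an explicit deny apart from a missing allow, for example when auditing or quieting denials. The TODO should also record the interim consequence, e.g. `/* TODO: ...; until then explicit denies are filtered by default */`. Listing one flag per line in the initializer would keep the comment from being buried in the middle of a long expression.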