diff --git a/apps/ops/ansible/runner.py b/apps/ops/ansible/runner.py
index 53ab5e89e..29ccf53f9 100644
--- a/apps/ops/ansible/runner.py
+++ b/apps/ops/ansible/runner.py
@@ -40,9 +40,10 @@ class AdHocRunner:
     def check_module(self):
         if self.module not in self.cmd_modules_choices:
             return
-        if self.module_args and self.module_args.split()[0] in settings.SECURITY_COMMAND_BLACKLIST:
+        command = self.module_args
+        if command and set(command.split()).intersection(set(settings.SECURITY_COMMAND_BLACKLIST)):
             raise CommandInBlackListException(
-                "Command is rejected by black list: {}".format(self.module_args.split()[0]))
+                "Command is rejected by black list: {}".format(self.module_args))
 
     def set_local_connection(self):
         if self.job_module in self.need_local_connection_modules_choices:
diff --git a/apps/ops/models/job.py b/apps/ops/models/job.py
index 9b203fc05..6c1132f3e 100644
--- a/apps/ops/models/job.py
+++ b/apps/ops/models/job.py
@@ -481,6 +481,16 @@ class JobExecution(JMSOrgBaseModel):
             for acl in acls:
                 if self.match_command_group(acl, asset):
                     break
+        command = self.current_job.args
+        if command and set(command.split()).intersection(set(settings.SECURITY_COMMAND_BLACKLIST)):
+            CommandExecutionAlert({
+                "assets": self.current_job.assets.all(),
+                "input": self.material,
+                "risk_level": RiskLevelChoices.reject,
+                "user": self.creator,
+            }).publish_async()
+            raise CommandInBlackListException(
+                "Command is rejected by black list: {}".format(self.current_job.args))
 
     def check_danger_keywords(self):
         lines = self.job.playbook.check_dangerous_keywords()
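Review bot: The new condition in check_module rejects any whitespace-separated token of module_args that appears in SECURITY_COMMAND_BLACKLIST, not only the command word, so a denylisted name used as an argument (a file or host named like a denylisted command) now trips the check, while the exception message echoes the whole of module_args instead of what actually matched. Since `set.intersection` accepts any iterable the inner `set(...)` is redundant, and binding the hit keeps the message precise: `hit = set(command.split()).intersection(settings.SECURITY_COMMAND_BLACKLIST)`, `if hit:`, `raise CommandInBlackListException("Command is rejected by black list: {}".format(", ".join(sorted(hit))))`. The same token-level match is duplicated verbatim in the JobExecution hunk in job.py; one shared helper would keep the two denylist behaviours from drifting apart. Because the match is whole-token only it is a coarse denylist rather than a command parser, which deserves a docstring on check_module such as `"""Reject module_args when any whitespace-separated token is in SECURITY_COMMAND_BLACKLIST; best-effort, the ACL checks remain the primary control."""`.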
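Review bot: The blacklist check added at the end of this JobExecution method runs only after the ACL loop has been evaluated, so a command that is rejected outright still goes through command-group matching first; placing the `command = self.current_job.args` block ahead of that loop would reject earlier and keep the denylist independent of ACL results, though the enclosing method starts before this hunk so I cannot see what precedes the loop. The alert payload passes `self.current_job.assets.all()`, a lazy queryset, into `publish_async()`; if that call serializes its argument for a background worker, evaluating it eagerly with `list(self.current_job.assets.all())` would be safer, which is worth confirming against CommandExecutionAlert. The final format call can reuse the local bound two lines above, `"Command is rejected by black list: {}".format(command)`.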