diff --git a/detection/evasion/unexpected-dev-entries.sql b/detection/evasion/unexpected-dev-entries.sql
index cb312b4..8fe77af 100644
--- a/detection/evasion/unexpected-dev-entries.sql
+++ b/detection/evasion/unexpected-dev-entries.sql
@@ -47,10 +47,14 @@ WHERE
 OR file.path LIKE '/dev/shm/jack_db%'
 )
 )
+ AND NOT (
+ file.size <= 32
+ AND file.path LIKE '/dev/shm/%'
+ )
 AND file.path NOT LIKE '/dev/shm/lttng-ust-wait-%'
 AND file.path NOT LIKE '/dev/shm/flatpak-%'
 AND file.path NOT LIKE '/dev/shm/libpod_rootless_lock_%'
 AND file.path NOT LIKE '/dev/shm/sem.mp-%'
 AND file.path NOT LIKE '%/../%'
 AND file.path NOT LIKE '%/./%'
- AND file.path NOT IN ('/dev/.mdadm/', '/dev/shm/libpod_lock')
+ AND file.path NOT IN ('/dev/.mdadm/', '/dev/shm/libpod_lock', '/dev/shm/sem.camlock')
diff --git a/detection/execution/recently-created-executables-long-lived-linux.sql b/detection/execution/recently-created-executables-long-lived-linux.sql
index 871332f..1d6405e 100644
--- a/detection/execution/recently-created-executables-long-lived-linux.sql
+++ b/detection/execution/recently-created-executables-long-lived-linux.sql
@@ -3,7 +3,7 @@
 -- false-positives:
 -- * many
 --
--- tags: transient process state
+-- tags: transient process state extra
 -- platform: linux
 SELECT
 f.ctime AS p0_ctime,
diff --git a/detection/execution/recently-created-executables-long-lived-macos.sql b/detection/execution/recently-created-executables-long-lived-macos.sql
index 4a4d749..49e8d3c 100644
--- a/detection/execution/recently-created-executables-long-lived-macos.sql
+++ b/detection/execution/recently-created-executables-long-lived-macos.sql
@@ -3,7 +3,7 @@
 -- false-positives:
 -- * many
 --
--- tags: transient process state
+-- tags: transient process state extra
 -- platform: darwin
 SELECT
 f.ctime,
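Review bot: The new `AND NOT (file.size <= 32 AND file.path LIKE '/dev/shm/%')` exclusion suppresses every entry of 32 bytes or less anywhere under /dev/shm, not only the semaphore and lock files the rule otherwise names individually, so the rule loses visibility of all small files in that tree rather than the one benign class. If the intent is the POSIX semaphore case, the pattern can be narrowed to the prefix the rule already uses two lines below, `AND file.path LIKE '/dev/shm/sem.%'`, and the intent recorded with `-- POSIX semaphores in /dev/shm are tiny (<= 32 bytes); larger entries there are still reported`. If `/dev/shm/sem.camlock` is such a semaphore, the size exclusion already covers it and the new NOT IN literal is redundant — worth confirming against a live host. The enclosing WHERE clause begins before this hunk.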