diff --git a/detection/exfil/high_disk_bytes_read.sql b/detection/exfil/high_disk_bytes_read.sql
index d3c7a96..65c3908 100644
--- a/detection/exfil/high_disk_bytes_read.sql
+++ b/detection/exfil/high_disk_bytes_read.sql
@@ -60,6 +60,7 @@ WHERE
 AND NOT p.path IN (
 '/usr/bin/dockerd',
 '/usr/bin/gnome-shell',
+ '/usr/libexec/coreduetd',
 '/usr/bin/udevadm',
 '/usr/libexec/aned',
 '/usr/libexec/logd',
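Review bot: The new `'/usr/libexec/coreduetd',` entry sits between `'/usr/bin/gnome-shell',` and `'/usr/bin/udevadm',`, which breaks the sorted order of the visible exception list; it belongs between `'/usr/libexec/aned',` and `'/usr/libexec/logd',` so that later additions diff cleanly and duplicates are easy to spot. The exemption is also keyed on path alone, so it silences this exfil detection for whatever runs from that path; a short comment next to the entry, for example `-- CoreDuet daemon, exempted by path only: <reason / observed read volume>`, would record why it is trusted. The WHERE clause begins and continues outside the hunk, so whether other predicates (signing identity, uid) already constrain these paths cannot be confirmed from here.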