diff --git a/detection/execution/exotic-command-events-macos.sql b/detection/execution/exotic-command-events-macos.sql
index a246789..e706125 100644
--- a/detection/execution/exotic-command-events-macos.sql
+++ b/detection/execution/exotic-command-events-macos.sql
@@ -117,4 +117,6 @@ WHERE
 AND p.parent = -1
 )
 AND NOT cmd LIKE '/bin/rm -f /tmp/periodic.%'
+AND NOT cmd LIKE 'rm -f /tmp/locate%/_updatedb%'
+AND NOT cmd LIKE 'rm -f /tmp/locate%/mklocate%/_mklocatedb%'
 AND NOT cmd LIKE 'touch -r /tmp/KSInstallAction.%'
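Review bot: The two added exclusions contain an unescaped `_` (`/_updatedb`, `/_mklocatedb`), which in SQLite LIKE is a single-character wildcard rather than a literal underscore, so each pattern also matches names such as `/xupdatedb` and is wider than the path it describes. Together with the two `%` wildcards per line this suppresses any `rm -f /tmp/locate…` invocation whose argument ends in those suffixes, a noticeably broader allowlist than the neighbouring `/bin/rm -f /tmp/periodic.%` exclusion. If the underscore is part of the literal path, escape it so the pattern matches only that: `AND NOT cmd LIKE 'rm -f /tmp/locate%/\_updatedb%' ESCAPE '\'` and the same form for the `_mklocatedb` line. A one-line comment above the pair stating which system maintenance job issues these commands (presumably the locate database rebuild — worth confirming) would let the next tuner judge whether the exclusion is still needed. The WHERE clause containing these lines starts outside the hunk.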