diff --git a/detection/evasion/hidden-cwd.sql b/detection/evasion/hidden-cwd.sql
index b18b516..92f8378 100644
--- a/detection/evasion/hidden-cwd.sql
+++ b/detection/evasion/hidden-cwd.sql
@@ -100,29 +100,16 @@ WHERE
 'gitsign',
 'Code Helper'
 )
- OR dir LIKE '~/.cache/yay/%'
- OR dir LIKE '~/.cargo/%'
+ OR dir LIKE '~/.%'
 OR dir LIKE '~/code/%'
- OR dir LIKE '~/.dotfiles/%'
- OR dir LIKE '~/%/.git'
- OR dir LIKE '~/.gimme%'
 OR dir LIKE '~/%/.github%'
 OR dir LIKE '~/%/src/%'
 OR dir LIKE '~/%/.modcache/%'
 OR dir LIKE '~/.gradle/%'
 OR dir LIKE '~/%/github.com/%'
 OR dir LIKE '/Library/Apple/System/Library/InstallerSandboxes/.PKInstallSandboxManager-SystemSoftware/%'
- OR dir LIKE '~/.local/share/fish/%'
- OR dir LIKE '~/.local/share/JetBrains/%'
- OR dir LIKE '~/.local/share/kotlin/%'
- OR dir LIKE '~/.local/share/nvim/%'
- OR dir LIKE '~/.local/share/Steam/%'
- OR dir LIKE '~/.provisio%'
 OR dir LIKE '~/src/%'
 OR dir LIKE '~/%/.terraform%'
- OR dir LIKE '~/.vim%'
- OR dir LIKE '~/.vscode/extensions/%'
- OR dir LIKE '~/.zsh/%'
 OR dir LIKE '/tmp/.mount_%'
 -- For sudo calls to other things
 OR (
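Review bot: `OR dir LIKE '~/.%'` matches every hidden directory directly under the home directory, not just the tool caches the removed lines named, so if these predicates are the exclusion branch of the WHERE clause (as the surrounding lines suggest), a process whose cwd is any `~/.<name>` path is no longer reported by this rule — for a file named hidden-cwd.sql that is a coverage decision, not a tuning change, and it should be narrowed or at least stated in a comment such as `-- Any hidden dir directly under $HOME is treated as benign; only nested hidden dirs (~/%/.git, /tmp/.mount_ etc.) remain in scope`. The retained `OR dir LIKE '~/.gradle/%'` is now fully subsumed by the new pattern and can be dropped. The enclosing WHERE clause begins before the hunk, so whether this block sits inside a NOT (...) is inferred rather than visible here.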