diff --git a/detection/c2/unexpected-talkers-linux.sql b/detection/c2/unexpected-talkers-linux.sql
index 423a62a..2ffdd0e 100644
--- a/detection/c2/unexpected-talkers-linux.sql
+++ b/detection/c2/unexpected-talkers-linux.sql
@@ -109,5 +109,12 @@ WHERE
 AND s.protocol = 6
 AND p.euid > 500
 )
+ AND NOT (
+ p.name = 'chrome'
+ AND f.filename = 'chrome'
+ AND s.remote_port > 5000
+ AND s.protocol = 6
+ AND p.euid > 500
+ )
 GROUP BY
 p.cmdline
diff --git a/detection/execution/unexpected-gatekeeper-approvals-macos.sql b/detection/execution/unexpected-gatekeeper-approvals-macos.sql
index 7e18e78..b640b87 100644
--- a/detection/execution/unexpected-gatekeeper-approvals-macos.sql
+++ b/detection/execution/unexpected-gatekeeper-approvals-macos.sql
@@ -27,6 +27,7 @@ FROM
 WHERE
 gap.path NOT LIKE '/Users/%/bin/%'
 AND gap.path NOT LIKE '/Users/%/rekor-cli'
+ AND gap.path NOT LIKE '/usr/local/bin/%'
 AND gap.path NOT LIKE '/Users/%/scorecard-darwin-amd64'
 AND gap.path NOT LIKE '/Users/%/scorecard-darwin-amd64'
 AND gap.path NOT LIKE '/Users/%/configure'
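Review bot: The new `AND NOT (...)` exclusion for chrome keys only on `p.name = 'chrome'` and `f.filename = 'chrome'`, so any executable that happens to be named chrome, from any directory and under any unprivileged user, is dropped from this C2 detection as long as it talks TCP to a remote port above 5000. Since the point of the query is to catch unexpected talkers, an allow-list entry this wide is worth anchoring on where the binary actually lives — for example adding a path predicate such as `AND p.path LIKE '/opt/google/chrome/%'` (constructed example; adjust to the paths your fleet installs Chrome to) so a renamed binary elsewhere still surfaces. The same `s.protocol = 6 AND p.euid > 500` pair appears in the preceding exclusion as well; a short comment above the block stating why the port floor is 5000 would help the next person tuning it, e.g. `-- Chrome uses ephemeral high ports for QUIC/WebRTC; exclude only the stock install path`. The enclosing WHERE clause starts before this hunk, so the other exclusions it joins are not visible here.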
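Review bot: The added `AND gap.path NOT LIKE '/usr/local/bin/%'` excludes an entire directory from the Gatekeeper-approvals detection, and on many Macs /usr/local/bin is writable by the logged-in admin user (Homebrew installs rely on that), so a Gatekeeper approval for any unsigned tool dropped there will no longer be reported. Every other exclusion in the visible context names a specific file or a narrow per-user pattern; if this is meant to cover locally built or Homebrew tools, consider enumerating the expected binaries instead, or at minimum documenting the trade-off above the line, e.g. `-- Homebrew/locally-built tools; this hides approvals for anything in a commonly user-writable dir`. Separately, the context shows `'/Users/%/scorecard-darwin-amd64'` listed twice on consecutive lines; that predates this change but could be dropped while the list is being edited. The WHERE clause continues past the end of the hunk.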