diff --git a/detection/evasion/unexpected-library-entries-macos.sql b/detection/evasion/unexpected-library-entries-macos.sql
index 503c3fd..d3a76bc 100644
--- a/detection/evasion/unexpected-library-entries-macos.sql
+++ b/detection/evasion/unexpected-library-entries-macos.sql
@@ -93,6 +93,7 @@ WHERE
 '/Library/Preferences/.GlobalPreferences.plist',
 '/Library/Printers/',
 '/Library/PrivilegedHelperTools/',
+ '/Library/Python/',
 '/Library/QuickLook/',
 '/Library/Receipts/',
 '/Library/Ruby/',
@@ -122,4 +123,4 @@ WHERE
 '/Library/WebServer/Documents/index.html.en',
 '/Library/WebServer/share/'
 )
- AND NOT file.path LIKE '/Library/Caches/.00%'
+ AND NOT file.path LIKE '/Library/Caches/.0%'
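Review bot: The new `'/Library/Python/',` exemption in the first hunk (`@@ -93,6 +93,7 @@`) has no comment saying what creates that directory, and an entry in this list presumably stops the query from reporting the path at all. In a detection for unexpected /Library entries every exemption is a blind spot that should be justified, so I would add a trailing comment such as `'/Library/Python/', -- site-packages dir used by Apple's Command Line Tools Python`, adjusted to whatever actually produced it on the reporting host. If the query exposes ownership or mode columns, limiting the exemption to a root-owned directory would be narrower than a path match alone. The WHERE clause and the list this entry belongs to start and end outside the hunk, so the exact predicate is inferred.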
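Review bot: In the second hunk (`@@ -122,4 +123,4 @@`) the widened pattern `'/Library/Caches/.0%'` exempts every hidden entry under /Library/Caches whose name begins with `.0`, a much larger set than the previous `.00%`, and nothing explains it. Hidden files in a cache directory look like exactly what this evasion query is meant to surface, so the exclusion should be as tight as the legitimate names allow and should name its source, e.g. `-- <producer> writes .0<...> cache entries` above the line. If the legitimate names have a fixed shape, a `GLOB` with character classes or a length-bounded `LIKE` using `_` would match them without exempting arbitrary `.0*` names. `file.path NOT LIKE ...` would also read more clearly than `NOT file.path LIKE ...`. The WHERE clause begins outside the hunk.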