diff --git a/unexpected-talkers.sql b/unexpected-talkers.sql
index c09c535..1dcfb42 100644
--- a/unexpected-talkers.sql
+++ b/unexpected-talkers.sql
@@ -25,17 +25,19 @@ AND NOT (p.name IN ('spotify', 'Spotify Helper', 'Spotify') AND remote_port IN (
 AND NOT (p.name='coredns' AND remote_port=53 AND protocol=17)
 AND NOT (p.name='systemd-resolve' AND remote_port=53 AND protocol=17)
 AND NOT (p.name='ssh' AND remote_port=22 AND protocol=6)
+AND NOT (p.name='java' AND remote_port IN (30031,25565) AND protocol=6)
 AND NOT (p.path = '/usr/bin/gnome-software' AND remote_port = 443)
 AND NOT (p.path = '/usr/libexec/rapportd' AND remote_port > 49000 and protocol=6)
 AND NOT (p.path = '/usr/libexec/timed' AND remote_port = 123)
 AND NOT (p.path = '/usr/libexec/trustd' AND remote_port IN (80,443))
+AND NOT (p.path = '/usr/libexec/trustd' AND remote_port IN (80,443))
 AND NOT (p.path LIKE '/private/var/folders/%/Reflect 2.app/Contents/Frameworks/Reflect Helper.app/Contents/MacOS/Reflect Helper' AND p.cwd='/' AND remote_port=443 AND s.protocol IN (6,17))
 AND NOT (p.path LIKE '/private/var/folders/%/Visual Studio Code.app/Contents/%' AND p.cwd='/' AND remote_port=443 AND protocol=6)
 AND NOT (p.path LIKE '/Users/%/.cache/trunk/cli/%/trunk' AND remote_port=443 AND s.protocol=6)
 AND NOT (p.path LIKE '/Users/%/Library/Application Support/WebEx Folder/%/Meeting Center.app/Contents/MacOS/Meeting Center' AND p.cwd='/' AND remote_port=443 AND protocol=6)
 AND NOT (p.path LIKE '/Users/%/Library/Application Support/WebEx Folder/%/Meeting Center.app/Contents/MacOS/Meeting Center' AND p.cwd='/' AND remote_port=9000 AND protocol=17)
 AND NOT (p.path LIKE '%/firefox' AND remote_port IN (443,80))
-AND NOT (p.path LIKE '%/NetworkManager' AND remote_port = 67)
+AND NOT (p.path LIKE '%/NetworkManager' AND remote_port IN (67,80))
 AND NOT (p.path LIKE '%tailscaled%' AND remote_port IN (443,80))
 AND NOT (p.path='/System/Library/Frameworks/CoreTelephony.framework/Support/CommCenter' AND p.cwd='/' AND remote_port=4500 AND protocol=17)
 AND NOT (p.path='/System/Library/Frameworks/CoreTelephony.framework/Support/CommCenter' AND p.cwd='/' AND remote_port=500 AND protocol=17)
@@ -47,14 +49,17 @@ AND NOT (remote_port = 443 AND protocol=6 AND p.path LIKE '/usr/libexec/%')
 AND NOT (remote_port IN (80, 443) AND protocol IN (6,17) AND p.path LIKE '/Applications/%.app/Contents/%')
 AND NOT (remote_port IN (80, 443) AND protocol IN (6,17) AND p.path LIKE '/System/Applications/%')
 AND NOT (remote_port IN (80, 443) AND protocol IN (6,17) AND p.path LIKE '/System/Library/%')
-AND NOT (remote_port=443 AND protocol=6 AND p.name IN (
+AND NOT (remote_port=443 AND protocol IN (6,17) AND p.name IN (
 'gitsign',
 'ko',
 'kubectl',
 'k9s',
+ 'launcher-Helper',
 'terraform',
 'steam_osx',
 'slack',
+ 'ngrok',
+ 'jcef_helper',
 'Slack Helper',
 'Slack',
 'controlplane',
@@ -66,5 +71,5 @@ AND NOT (remote_port=443 AND protocol=6 AND p.name IN (
 )
 )
 AND NOT (remote_port=443 AND protocol=6 AND p.name LIKE 'terraform-provider-%')
-
+AND NOT (remote_port=443 AND protocol=6 AND p.name LIKE 'kubectl.%')
diff --git a/unexpectedly-high-readers.sql b/unexpectedly-high-readers.sql
index 8576076..543bc4f 100644
--- a/unexpectedly-high-readers.sql
+++ b/unexpectedly-high-readers.sql
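Review bot: The added `+AND NOT (p.path = '/usr/libexec/trustd' AND remote_port IN (80,443))` is byte-identical to the context line directly above it, so it excludes nothing new and should be dropped. Separately, the new `java` exclusion is the only rule in this hunk that keys on `p.name` alone: every neighbouring rule pins `p.path` (and often `p.cwd`), and process name is the weakest of those anchors, so any process calling itself `java` would now be exempt for ports 30031 and 25565 on TCP. Consider pinning the binary as the siblings do, e.g. `AND NOT (p.name='java' AND p.path LIKE '<PLACEHOLDER: expected JVM path>' AND remote_port IN (30031,25565) AND protocol=6)`, and a one-line `--` comment naming which workload those two ports belong to so the exception can be revisited later.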
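Review bot: Changing `protocol=6` to `protocol IN (6,17)` on the `p.name IN (...)` clause widens the exemption to UDP/443 for every name in the list, including `gitsign`, `ko`, `kubectl`, `k9s`, `terraform` and `controlplane`, not only the entries that presumably prompted the change. Since the list continues past this hunk, the blast radius is larger than what is visible here. A narrower form keeps the TCP list as it was and adds a separate clause for just the names observed on UDP, e.g. `AND NOT (remote_port=443 AND protocol=17 AND p.name IN ('<PLACEHOLDER: names seen on UDP/443>'))`. The `AND NOT (` that opens this list starts in this hunk but its closing parentheses are in the following one.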
@@ -18,11 +18,15 @@ AND NOT (name='launcher' AND path='/usr/local/kolide-k2/bin/launcher-updates/165
 AND NOT (name='logd' AND cmdline='/usr/libexec/logd' AND parent=1)
 AND NOT (name='osqueryd' AND path LIKE '/usr/local/kolide-k2/bin/osqueryd-updates/%/osqueryd')
 AND NOT (name='packagekitd' AND path='/usr/libexec/packagekitd')
+AND NOT (name='spindump' AND path='/usr/sbin/spindump')
+AND NOT (name='systemstats' AND path='/usr/sbin/systemstats')
 AND NOT (name='signpost_reporter' AND cmdline='/usr/libexec/signpost_reporter' AND parent=1)
 AND NOT (name='snapd' AND path='/usr/lib/snaptd/snaptd')
 AND NOT (name='syspolicyd' AND path='/usr/libexec/syspolicyd' AND parent=1)
 AND NOT (name='systemd-udevd' AND path='/usr/bin/udevadm')
 AND NOT (name='systemd' AND path='/usr/lib/systemd/systemd')
+AND NOT (name='node' AND cwd LIKE '%/console-ui/app')
+AND NOT (name='FindMy' AND path='/System/Applications/FindMy.app/Contents/MacOS/FindMy')
 AND NOT (path LIKE '/home/%/Apps/PhpStorm%/jbr/bin/java')
 AND path NOT LIKE '/Applications/%.app/Contents/%'
 AND path NOT LIKE '/System/Library/%'
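Review bot: The new `+AND NOT (name='node' AND cwd LIKE '%/console-ui/app')` exempts any process named `node` whose working directory merely ends in `/console-ui/app`, with no `path`, `cmdline` or `parent` constraint; every other rule in this hunk pins the binary path or `cmdline` plus `parent`, and both `name` and `cwd` are chosen by the process itself, so this is a much looser anchor than its neighbours. Pinning the interpreter as the siblings do, e.g. `AND NOT (name='node' AND path LIKE '<PLACEHOLDER: expected node binary path>' AND cwd LIKE '%/console-ui/app')`, keeps the exception specific to the intended workload. As a point of style, the surrounding context lines are ordered alphabetically by `name` (logd, osqueryd, packagekitd, signpost_reporter, snapd, syspolicyd, systemd-udevd, systemd), but `spindump`/`systemstats` are inserted ahead of `signpost_reporter` and `node`/`FindMy` are appended after `systemd`; placing them in order keeps the list greppable. The `WHERE` clause these lines belong to starts before this hunk and continues after it.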