diff --git a/detection/evasion/hidden-executable.sql b/detection/evasion/hidden-executable.sql
index 6a57f89..db76131 100644
--- a/detection/evasion/hidden-executable.sql
+++ b/detection/evasion/hidden-executable.sql
@@ -48,6 +48,7 @@ WHERE
 AND NOT f.directory LIKE '%/.bin-unwrapped'
 AND NOT f.directory LIKE '%/.cargo/bin'
 AND NOT f.directory LIKE '%/.config/nvm/%/bin'
+ AND NOT f.directory LIKE '%/.provisio/bin/%'
 AND NOT f.directory LIKE '%/.local/%'
 AND NOT f.directory LIKE '%/node_modules/.bin/%'
 AND NOT f.directory LIKE '%/.nvm/versions/%/bin'
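Review bot: The added exclusion `'%/.provisio/bin/%'` is unanchored, so it suppresses the hidden-executable detection for any path containing a `/.provisio/bin/` component, not only the tool's real install location under a user's home directory. Unless a predicate outside this hunk already constrains the parent path or file ownership (the WHERE clause begins before the hunk), consider anchoring it, e.g. `AND NOT f.directory LIKE '/home/%/.provisio/bin/%'`, with the prefix adjusted for the platforms this query runs on. The trailing `/%` also means a directory that is exactly `…/.provisio/bin` is not excluded, unlike the neighbouring `'%/.cargo/bin'` form, so confirm which shape the false positive actually had. A short comment such as `-- provisio-managed toolchains, see <issue or FP reference>` would help later reviewers audit the allowlist.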