From 2098312a083b42eaf74fc1e72d67ecbdfedf3bde Mon Sep 17 00:00:00 2001
From: phantinuss <79651203+phantinuss@users.noreply.github.com>
Date: Tue, 21 Nov 2023 14:19:30 +0100
Subject: [PATCH] fix: FPs with partial paths
---
 .../proc_creation_win_susp_file_permission_modifications.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/rules-threat-hunting/windows/process_creation/proc_creation_win_susp_file_permission_modifications.yml b/rules-threat-hunting/windows/process_creation/proc_creation_win_susp_file_permission_modifications.yml
index 970784303532..6ceafa0c4225 100644
--- a/rules-threat-hunting/windows/process_creation/proc_creation_win_susp_file_permission_modifications.yml
+++ b/rules-threat-hunting/windows/process_creation/proc_creation_win_susp_file_permission_modifications.yml
@@ -41,7 +41,7 @@ detection:
 filter_optional_vscode:
 CommandLine|contains:
 - '\AppData\Local\Programs\Microsoft VS Code'
- - ':\Program Files\Microsoft VS Code\'
+ - ':\Program Files\Microsoft VS Code'
 filter_optional_avira:
 CommandLine|contains:
 - ':\Program Files (x86)\Avira\'
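Review bot: The widened entry `':\Program Files\Microsoft VS Code'` in `filter_optional_vscode` is a bare `CommandLine|contains` substring with no closing delimiter, and nothing in the rule records the coverage trade-off. It now excludes any process whose command line merely mentions that prefix, including sibling directories such as `Microsoft VS Code Insiders`, so the exclusion depends on text chosen by whoever launched the process. I would add a comment above the entry such as `# substring match: also excludes sibling dirs and any command line that references this path`. If the benign source is known, pairing the filter with a field that identifies the launching process (for example `ParentImage`) would narrow the blind spot. The Avira entry just below still ends in a backslash, so the same partial-path false positive presumably remains there. The `detection` block and its `condition` lie outside this hunk, so how the optional filters are combined could not be checked.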