diff --git a/rules-threat-hunting/windows/process_creation/proc_creation_win_susp_file_permission_modifications.yml b/rules-threat-hunting/windows/process_creation/proc_creation_win_susp_file_permission_modifications.yml index 97078430353..09435200619 100644 --- a/rules-threat-hunting/windows/process_creation/proc_creation_win_susp_file_permission_modifications.yml +++ b/rules-threat-hunting/windows/process_creation/proc_creation_win_susp_file_permission_modifications.yml @@ -8,7 +8,7 @@ references: - https://github.com/swagkarna/Defeat-Defender-V1.2.0 author: Jakob Weinzettl, oscd.community, Nasreddine Bencherchali (Nextron Systems) date: 2019/10/23 -modified: 2023/11/06 +modified: 2023/11/21 tags: - attack.defense_evasion - attack.t1222.001 @@ -41,11 +41,11 @@ detection: filter_optional_vscode: CommandLine|contains: - '\AppData\Local\Programs\Microsoft VS Code' - - ':\Program Files\Microsoft VS Code\' + - ':\Program Files\Microsoft VS Code' filter_optional_avira: CommandLine|contains: - - ':\Program Files (x86)\Avira\' - - ':\Program Files\Avira\' + - ':\Program Files (x86)\Avira' + - ':\Program Files\Avira' condition: 1 of selection_* and not 1 of filter_optional_* falsepositives: - Users interacting with the files on their own (unlikely unless privileged users).
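Review bot: In the second hunk (the `filter_optional_vscode` and `filter_optional_avira` blocks), dropping the trailing backslash from the `CommandLine|contains` values widens each exclusion beyond the intended directory: `':\Program Files\Avira'` now also suppresses alerts for any command line containing a sibling path that merely starts with that prefix (for example a directory named `Avira<suffix>` under `Program Files`), whereas the previous `':\Program Files\Avira\'` only matched the directory itself or something beneath it. Since `condition: 1 of selection_* and not 1 of filter_optional_*` means any filter hit silences the rule, a broader filter directly reduces coverage for a defense-evasion rule (`attack.t1222.001`). If the motivation is that the target path is often the final, possibly quoted, argument (so the trailing `\` is absent), consider keeping the original `\Avira\` entries and adding the specific terminating forms instead, or at least recording the reason in the rule so the trade-off is documented for future maintainers. The first hunk only bumps `modified` to `2023/11/21`, which is consistent with the change.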