added false positive possibility

rules/windows/builtin/win_possible_applocker_bypass.yml

@@ -10,7 +10,7 @@ tags:
     - attack.defense_evasion
 detection:
     selection:
-        CommandLine: 
+        CommandLine:
             - '*\msdt.exe*'
             - '*\installutil.exe*'
             - '*\regsvcs.exe*'
@@ -22,8 +22,9 @@ detection:
             # higher risk of false positives
 #            - '*\cscript.EXE*'
     condition: selection
-falsepositives: 
+falsepositives:
     - False positives depend on scripts and administrative tools used in the monitored environment
+    - Using installutil to add features for .NET applications (primarly would occur in developer environments)
 level: low
 ---
 # Windows Audit Log