From ca6a4beb6584aa719e5603d997a242b36872a75b Mon Sep 17 00:00:00 2001
From: stvetro <57000749+stvetro@users.noreply.github.com>
Date: Fri, 23 Oct 2020 12:50:27 +0400
Subject: [PATCH] Small fix

Added "\" at file path end
---
 rules/windows/process_creation/win_susp_runscripthelper.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/rules/windows/process_creation/win_susp_runscripthelper.yml b/rules/windows/process_creation/win_susp_runscripthelper.yml
index b5ac4316..3bea7fb7 100644
--- a/rules/windows/process_creation/win_susp_runscripthelper.yml
+++ b/rules/windows/process_creation/win_susp_runscripthelper.yml
@@ -11,7 +11,7 @@ logsource:
 product: windows
 detection:
 image_path:
- Image|endswith: 'Runscripthelper.exe'
+ Image|endswith: '\Runscripthelper.exe'
 cmd:
 CommandLine|contains: 'surfacecheck'
 condition: image_path and cmd
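Review bot: The `image_path` selection still identifies the binary only by its path suffix, `Image|endswith: '\Runscripthelper.exe'`, so the rule does not fire when the same executable is started under a different file name. Where the log source records the PE version-resource name (Sysmon process creation does), an additional selection such as `OriginalFileName: '<value confirmed from the binary>'` would cover that case, with the condition becoming `(image_path or <new selection>) and cmd`. The rule's header and trailing fields lie outside this hunk, so whether the intended log sources carry that field should be checked there.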