fix: null value in separate expression

2019-07-02 20:14:45 +02:00
parent f5a8a81ff7
commit 0b883a90b6
1 changed files with 3 additions and 2 deletions
@@ -18,8 +18,9 @@ detection:
            - '*\MsMpEng.exe'
            - '*\Mrt.exe'
            - '*\rpcnet.exe'
-            - null
-    condition: selection and not filter
+    filter_null:
+        ParentImage: null
+    condition: selection and not filter and not filter_null
 fields:
    - CommandLine
    - ParentCommandLine