diff --git a/rules/windows/process_creation/proc_creation_win_ntfs_short_name_path_use_cli.yml b/rules/windows/process_creation/proc_creation_win_ntfs_short_name_path_use_cli.yml index 76b3888e5..6fe080f91 100644 --- a/rules/windows/process_creation/proc_creation_win_ntfs_short_name_path_use_cli.yml +++ b/rules/windows/process_creation/proc_creation_win_ntfs_short_name_path_use_cli.yml @@ -11,7 +11,7 @@ references: - https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-2000-server/cc959352(v=technet.10)?redirectedfrom=MSDN - https://twitter.com/frack113/status/1555830623633375232 date: 2022/08/07 -modified: 2022/08/12 +modified: 2022/09/12 logsource: category: process_creation product: windows @@ -27,6 +27,7 @@ detection: - ParentImage|endswith: - '\WebEx\WebexHost.exe' - '\thor\thor64.exe' + - '\veam.backup.shell.exe' condition: selection and not filter falsepositives: - Applications could use this notation occasionally which might generate some false positives. In that case Investigate the parent and child process.
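Review bot: In the second hunk, the new `ParentImage|endswith` filter entry `'\veam.backup.shell.exe'` matches on the file name alone, while the neighbouring entries `'\WebEx\WebexHost.exe'` and `'\thor\thor64.exe'` each include a parent directory. As written, the exclusion applies to any parent process with that file name regardless of where it is installed, which makes the filter broader than the other two. Consider adding the containing directory exactly as it appears in the event that produced the false positive. Also confirm the spelling: the entry reads "veam" with a single "e", and an `endswith` match only takes effect if the string is identical to the tail of the logged `ParentImage` value, so if the backup product's binary is spelled differently this line will never match and the false positive will persist. A short comment in the rule naming the product this entry is meant to exclude would help future reviewers.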