diff --git a/rules/windows/process_creation/proc_creation_win_powershell_defender_exclusion.yml b/rules/windows/process_creation/proc_creation_win_powershell_defender_exclusion.yml
index 85c5b6258..65baa60a6 100644
--- a/rules/windows/process_creation/proc_creation_win_powershell_defender_exclusion.yml
+++ b/rules/windows/process_creation/proc_creation_win_powershell_defender_exclusion.yml
@@ -11,13 +11,13 @@ tags:
 - attack.t1562.001
 author: Florian Roth
 date: 2021/04/29
-modified: 2022/03/04
+modified: 2022/05/12
 logsource:
 category: process_creation
 product: windows
 detection:
 selection1:
- CommandLine|contains:
+ CommandLine|contains:
 - 'Add-MpPreference '
 - 'Set-MpPreference '
 selection2:
@@ -25,6 +25,7 @@ detection:
 - ' -ExclusionPath '
 - ' -ExclusionExtension '
 - ' -ExclusionProcess '
+ - ' -ExclusionIpAddress '
 condition: all of selection*
 falsepositives:
 - Possible Admin Activity
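Review bot: The new `' -ExclusionIpAddress '` entry in the second hunk, like its three siblings, is padded with a space on both sides, so it only fires when the parameter name is followed by whitespace; nothing in the rule records that this padding is a deliberate word-boundary choice rather than an accident, and a future edit could easily add an entry without it and get different coverage. A short comment above the list such as `# leading/trailing spaces are deliberate: match the whole parameter name, not prefixes` would pin that down. The rule's `description` and `references` sit outside this hunk and presumably enumerate the exclusion parameters the rule keys on; if so they should mention the added parameter as well. The `selection2` list begins before this hunk, so any remaining entries above `-ExclusionPath` are not visible here.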