diff --git a/rules/windows/powershell/powershell_script/posh_ps_sensitive_file_discovery.yml b/rules/windows/powershell/powershell_script/posh_ps_sensitive_file_discovery.yml
index b4a5a05cd..5815a0ca6 100644
--- a/rules/windows/powershell/powershell_script/posh_ps_sensitive_file_discovery.yml
+++ b/rules/windows/powershell/powershell_script/posh_ps_sensitive_file_discovery.yml
@@ -23,8 +23,9 @@ detection:
 ScriptBlockText|contains: '-recurse'
 selection_file:
 ScriptBlockText|contains:
- - 'pass'
- - 'kdbx'
+ - '.pass'
+ - '.kdbx'
+ - '.kdb'
 condition: all of selection_*
 falsepositives:
 - Unknown
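Review bot: In `selection_file`, the new `'.kdb'` entry already matches every script block that `'.kdbx'` matches, because the modifier is `contains`; the `'.kdbx'` line is now redundant and could be dropped or kept with a comment such as `# kept for readability; '.kdb' already covers it`. Changing `'pass'` to `'.pass'` trades recall for precision: it should stop matches on unrelated text that merely contains "pass", but a recursive search that filters on a filename keyword rather than an extension would presumably no longer trigger this rule. If that is intended, it is worth saying so in the description or covering the keyword case in a separate rule at a lower level. `falsepositives` still reads `- Unknown` even though the change seems motivated by observed noise, so naming that noise there would help analysts triaging hits. The `detection` block starts above this hunk, so the other `selection_*` conditions and the rule's `modified` date are not visible here.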