diff --git a/rules/windows/file/file_event/file_event_win_creation_system_file.yml b/rules/windows/file/file_event/file_event_win_creation_system_file.yml
index 8f83b47bd..f5559d598 100755
--- a/rules/windows/file/file_event/file_event_win_creation_system_file.yml
+++ b/rules/windows/file/file_event/file_event_win_creation_system_file.yml
@@ -113,6 +113,7 @@ detection:
     filter8: # This filter handles system processes who are updated/installed using misexec.
         Image: C:\WINDOWS\system32\msiexec.exe
+        # Add more processes if you find them or simply filter msiexec on its own. If the list grows big
         TargetFilename: C:\Program Files\PowerShell\7\pwsh.exe
     condition: selection and not 1 of filter*
 fields:
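Review bot: The added comment in filter8 is cut off mid-sentence (`If the list grows big`) and, more importantly, its advice to `simply filter msiexec on its own` would turn an exact (Image, TargetFilename) pair into an exclusion of every file msiexec.exe writes into whatever paths the selection covers — presumably system directories, given the rule name — and msiexec is a well-known LOLBin that can install an MSI straight from a URL, so a payload dropped that way would be filtered out of this detection. Suggest replacing the added line with `# Add further msiexec-installed targets here as exact TargetFilename entries; do not drop TargetFilename and filter on Image alone, since msiexec.exe can be abused to write arbitrary files into these paths.` If the list of legitimate targets grows, keep it exact by giving TargetFilename a YAML list of full paths rather than widening the filter. The hunk's line count (6 old, 7 new) suggests one context line was lost in the collapsed diff, so the hunk may extend past what is shown here.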