diff --git a/rules/windows/powershell/powershell_malicious_commandlets.yml b/rules/windows/powershell/powershell_malicious_commandlets.yml
index c8d01d632..fcc15429f 100644
--- a/rules/windows/powershell/powershell_malicious_commandlets.yml
+++ b/rules/windows/powershell/powershell_malicious_commandlets.yml
@@ -108,7 +108,9 @@ detection:
 - Invoke-ReverseDNSLookup
 - Invoke-SMBScanner
 - Invoke-Mimikittenz
- condition: keywords
+ false_positives:
+ - Get-SystemDriveInfo # http://bheltborg.dk/Windows/WinSxS/amd64_microsoft-windows-maintenancediagnostic_31bf3856ad364e35_10.0.10240.16384_none_91ef7543a4514b5e/CL_Utility.ps1
+ condition: keywords and not false_positives
 falsepositives:
 - Penetration testing
 level: high
diff --git a/rules/windows/sysmon/sysmon_renamed_powershell.yml b/rules/windows/sysmon/sysmon_renamed_powershell.yml
index a910de1c5..3810b8f41 100644
--- a/rules/windows/sysmon/sysmon_renamed_powershell.yml
+++ b/rules/windows/sysmon/sysmon_renamed_powershell.yml
@@ -16,6 +16,7 @@ detection:
 Company: 'Microsoft Corporation'
 filter:
 Image: '*\powershell.exe'
+ Image: '*\powershell_ise.exe'
 condition: selection and not filter
 falsepositives:
 - Unknown
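Review bot: The new `false_positives` exclusion is a bare keyword, so any event whose text contains `Get-SystemDriveInfo` is suppressed outright — including an event that also contains one of the listed cmdlets — which makes the blind spot wider than the single benign script justifies; scoping the exception to the script the comment names (`CL_Utility.ps1`, a WinSxS maintenance-diagnostic path) would keep it narrow. The keyword list that presumably collides with this string as a substring starts above the hunk, so I cannot see which entry triggers the match; the inline comment should state that rather than only linking a third-party mirror, e.g. `# built-in Windows maintenance diagnostic CL_Utility.ps1 (WinSxS) calls Get-SystemDriveInfo, which substring-matches the <colliding keyword> entry above`. For consistency with sysmon_renamed_powershell.yml in the same commit, which names its exclusion `filter`, I would rename `false_positives` to `filter`: the top-level `falsepositives` key sits two lines below and the near-identical names read as one thing. That top-level list could then also gain `- Windows maintenance diagnostics (CL_Utility.ps1)` so the documented reason survives outside a comment.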
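Review bot: The added `Image: '*\powershell_ise.exe'` under `filter` duplicates the `Image` key on the line directly above; YAML mapping keys must be unique, so a strict loader rejects the rule and a lenient one keeps only the last value, silently dropping the `powershell.exe` exclusion and turning every legitimately named PowerShell process into a hit. Both patterns belong in one list value: `Image:`, `- '*\powershell.exe'`, `- '*\powershell_ise.exe'` (Sigma ORs the list values of a single field). The exact indentation is not recoverable from the collapsed diff, so match the surrounding `filter` block when applying this.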