From 366d83ab442bbfc6b36330d5a5c2fa41cc0bfa90 Mon Sep 17 00:00:00 2001
From: Andreas Hunkeler <karneades@protonmail.com>
Date: Thu, 24 Jun 2021 11:21:29 +0200
Subject: [PATCH] Add fp note to PortProxy rules

---
 rules/windows/registry_event/win_portproxy_registry_key.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/rules/windows/registry_event/win_portproxy_registry_key.yml b/rules/windows/registry_event/win_portproxy_registry_key.yml
index 51731570a..a6affc166 100644
--- a/rules/windows/registry_event/win_portproxy_registry_key.yml
+++ b/rules/windows/registry_event/win_portproxy_registry_key.yml
@@ -21,5 +21,5 @@ detection:
         TargetObject: 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PortProxy\v4tov4\tcp'
     condition: selection_registry
 falsepositives:
-    - Unlikely
+    - WSL2 network bridge PowerShell script used for WSL/Kubernetes/Docker (e.g. https://github.com/microsoft/WSL/issues/4150#issuecomment-504209723)
 level: medium