From 496cfcb26ac7032d04395c4ccf9391640aefe1e5 Mon Sep 17 00:00:00 2001
From: Jonhnathan
Date: Thu, 15 Oct 2020 15:53:51 -0300
Subject: [PATCH] Update win_susp_sdelete.yml
---
 rules/windows/builtin/win_susp_sdelete.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/rules/windows/builtin/win_susp_sdelete.yml b/rules/windows/builtin/win_susp_sdelete.yml
index 5bb8bd700..558a109e1 100644
--- a/rules/windows/builtin/win_susp_sdelete.yml
+++ b/rules/windows/builtin/win_susp_sdelete.yml
@@ -28,9 +28,9 @@ detection:
 - 4656
 - 4663
 - 4658
- ObjectName:
- - '*.AAA'
- - '*.ZZZ'
+ ObjectName|endswith:
+ - '.AAA'
+ - '.ZZZ'
 condition: selection
 falsepositives:
 - Legitime usage of SDelete
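Review bot: The selection now requires `ObjectName|endswith` on every listed event, but to my knowledge Security event 4658 (handle closed) carries no ObjectName field, so the `- 4658` entry kept as context above can never match and only suggests coverage the rule does not have. Consider dropping it, or adding a comment such as `# 4658 has no ObjectName; matching relies on 4656/4663`. The `.AAA` and `.ZZZ` suffixes only produce events where object-access auditing and a SACL are in place, which is worth stating in the rule's description. The selection starts above the hunk, so the field holding these IDs and the rest of the rule are not visible here.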