From 4a4d990151cfdfa605c6b1fc95ef53ff8dd9b511 Mon Sep 17 00:00:00 2001
From: Florian Roth
Date: Wed, 6 Apr 2022 14:02:01 +0200
Subject: [PATCH] fix: less strict directory filter
---
 .../proc_creation_win_proc_dump_susp_dumpminitool.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/rules/windows/process_creation/proc_creation_win_proc_dump_susp_dumpminitool.yml b/rules/windows/process_creation/proc_creation_win_proc_dump_susp_dumpminitool.yml
index 81fdf35de..248cf18fa 100644
--- a/rules/windows/process_creation/proc_creation_win_proc_dump_susp_dumpminitool.yml
+++ b/rules/windows/process_creation/proc_creation_win_proc_dump_susp_dumpminitool.yml
@@ -21,7 +21,7 @@ detection:
 filter_folder:
 Image|contains:
 - '\Microsoft Visual Studio\'
- - '\Extensions\TestPlatform\'
+ - '\Extensions\' # https://github.com/microsoft/vstest/blob/main/src/package/nuspec/Microsoft.TestPlatform.Portable.nuspec#L159
 selection_flags:
 CommandLine|contains: '.txt'
 condition: ( selection and not filter_folder ) or ( all of selection* )
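Review bot: The widened `filter_folder` entry `'\Extensions\'` is one item of a plain list under `Image|contains`, so it is OR-ed with `'\Microsoft Visual Studio\'`, and any image path containing a directory named `Extensions` now drops out of the `selection and not filter_folder` branch. That name is common and also occurs under user-writable locations, so the exclusion is much wider than the test-platform layout the linked nuspec describes. If the legitimate layouts allow it, a more specific substring would keep the false-positive fix while narrowing the gap; otherwise the trade-off deserves a comment above the list, such as `# broad on purpose: any path containing \Extensions\ is excluded from the first condition branch`. The `all of selection*` branch does not use the filter, so matches on both selections still alert. The `selection` block lies outside the hunk, so what it matches on is not visible here.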