diff --git a/rules/windows/registry_event/sysmon_asep_reg_keys_modification.yml b/rules/windows/registry_event/sysmon_asep_reg_keys_modification.yml
index cac8f9e7d..52a4072ff 100755
--- a/rules/windows/registry_event/sysmon_asep_reg_keys_modification.yml
+++ b/rules/windows/registry_event/sysmon_asep_reg_keys_modification.yml
@@ -11,8 +11,8 @@ tags:
 - attack.t1547.001
 - attack.t1060 # an old one
 date: 2019/10/25
-modified: 2020/11/04
-author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community
+modified: 2021/11/11
+author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton
 logsource:
 category: registry_event
 product: windows
@@ -190,6 +190,8 @@ detection:
 - '\Lsa\Notification Packages'
 - '\Lsa\Authentication Packages'
 - '\BootVerificationProgram\ImagePath'
+ filter:
+ Details: '(Empty)'
 condition: main_selection or
 session_manager_base and session_manager or
 current_version_base and current_version or
@@ -202,7 +204,7 @@ detection:
 classes_base and classes or
 scripts_base and scripts or
 winsock_parameters_base and winsock_parameters or
- system_control_base and system_control
+ system_control_base and system_control and not filter
 fields:
 - SecurityID
 - ObjectName
diff --git a/rules/windows/registry_event/sysmon_new_dll_added_to_appinit_dlls_registry_key.yml b/rules/windows/registry_event/sysmon_new_dll_added_to_appinit_dlls_registry_key.yml
index 820a65f60..e54f396b2 100755
--- a/rules/windows/registry_event/sysmon_new_dll_added_to_appinit_dlls_registry_key.yml
+++ b/rules/windows/registry_event/sysmon_new_dll_added_to_appinit_dlls_registry_key.yml
@@ -9,9 +9,9 @@ tags:
 - attack.persistence
 - attack.t1103 # an old one
 - attack.t1546.010
-author: Ilyas Ochkov, oscd.community
+author: Ilyas Ochkov, oscd.community, Tim Shelton
 date: 2019/10/25
-modified: 2020/09/06
+modified: 2021/11/11
 logsource:
 category: registry_event
 product: windows
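Review bot: The new `and not filter` on the last line of the condition binds only to `system_control_base and system_control`, because Sigma evaluates `and` before `or`, so the `Details: '(Empty)'` exclusion added in the `@@ -190,6` hunk never applies to `main_selection` or to any of the other `*_base and *` pairs in the chain — presumably the whole rule was meant to be suppressed for empty-value writes. Wrap the existing disjunction in parentheses and apply the filter once, e.g. change the first condition line to `condition: (main_selection or` and the last to `system_control_base and system_control) and not filter`. The condition spans this hunk, the previous one and lines not shown between them, so the parenthesis placement should be checked against the full chain. If the narrow scope is intentional, a comment above `filter:` such as `# applied to the SystemControl pair only; other selections still fire on empty values` would save the next reader the same question.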
@@ -24,7 +24,9 @@ detection:
 NewName|endswith:
 - '\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_Dlls'
 - '\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_Dlls'
- condition: selection
+ filter:
+ Details: '(Empty)'
+ condition: selection and not filter
 fields:
 - EventID
 - Image
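Review bot: The new `filter` drops every AppInit_Dlls write whose Details is `(Empty)`, which also hides the case of a previously populated DLL path being cleared from the value — the `NewName|endswith` branch visible at the top of the hunk suggests the selection is meant to catch more than the initial write, so the exclusion may be broader than the false positive it targets. If the intent is only to suppress the key being created with an empty value, a comment above `filter:` such as `# '(Empty)' appears to be what Sysmon reports in Details for an empty data write; clearing AppInit_Dlls is therefore not alerted` would record the trade-off, and the dropped case belongs in `falsepositives` as well. Naming it `filter_empty_value` rather than the generic `filter` would follow the `filter_*` naming commonly used in Sigma rules and make `selection and not filter_empty_value` self-describing. The `selection` block starts outside the hunk, so whether other fields already constrain the event type could not be checked here.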