diff --git a/rules/windows/file_event/sysmon_susp_adsi_cache_usage.yml b/rules/windows/file_event/sysmon_susp_adsi_cache_usage.yml
index 204bb61c0..2b8ae5871 100755
--- a/rules/windows/file_event/sysmon_susp_adsi_cache_usage.yml
+++ b/rules/windows/file_event/sysmon_susp_adsi_cache_usage.yml
@@ -18,7 +18,7 @@ logsource:
 category: file_event
 detection:
 selection_1:
-TargetFilename: '*\Local\Microsoft\Windows\SchCache\\*.sch'
+TargetFilename|endswith: '\Local\Microsoft\Windows\SchCache\\*.sch'
 selection_2:
 Image:
 - 'C:\windows\system32\svchost.exe'
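Review bot: The new `TargetFilename|endswith` value still embeds a wildcard (`\\*.sch`), so the modifier does not hand backends a literal suffix — it only removes the leading `*`, and the `*` before `.sch` still has to be translated into wildcard or regex matching. If a fixed-string match is the goal, split the field within `selection_1` into `TargetFilename|contains: '\Local\Microsoft\Windows\SchCache\'` and `TargetFilename|endswith: '.sch'` (fields inside one selection are ANDed, so detection coverage is unchanged). Whether the `\\` before `*` is meant as an escaped backslash followed by a wildcard should be confirmed against the Sigma escaping rules the project's converters follow. The `detection` block, the rest of the `Image` list and the `condition` continue outside the hunk.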