diff --git a/rules/windows/process_creation/win_pc_sqlcmd_veeam_dump.yml b/rules/windows/process_creation/win_pc_sqlcmd_veeam_dump.yml
index a3a7a4835..897fde0bb 100644
--- a/rules/windows/process_creation/win_pc_sqlcmd_veeam_dump.yml
+++ b/rules/windows/process_creation/win_pc_sqlcmd_veeam_dump.yml
@@ -15,7 +15,7 @@ logsource:
 product: windows
 detection:
 selection_tools:
- Image|endswith: 'sqlcmd.exe'
+ Image|endswith: '\sqlcmd.exe'
 selection_query:
 CommandLine|contains|all:
 - 'SELECT'
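Review bot: `selection_tools` still identifies the tool by image path alone, so with the anchored `'\sqlcmd.exe'` suffix the rule covers only executions under that exact file name. If the process-creation source in use populates `OriginalFileName`, consider OR-ing a selection on that field with the `Image` match so a copied or renamed binary is still covered; the expected value should be confirmed against a real sqlcmd.exe rather than assumed. The rule's metadata is outside this hunk, but a change to detection logic would normally also update the `modified:` date, which this diff does not appear to touch.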