diff --git a/rules/windows/builtin/taskscheduler/win_taskscheduler_susp_schtasks_delete.yml b/rules/windows/builtin/taskscheduler/win_taskscheduler_susp_schtasks_delete.yml
index 7222c2405..6e67c3535 100644
--- a/rules/windows/builtin/taskscheduler/win_taskscheduler_susp_schtasks_delete.yml
+++ b/rules/windows/builtin/taskscheduler/win_taskscheduler_susp_schtasks_delete.yml
@@ -22,8 +22,13 @@ detection:
     selection:
         EventID: 141 
         TaskName|contains: 
-            - '\Microsoft\Windows\Windows Defender\'
-            - '\Microsoft\Windows\WindowsUpdate\'
+            - '\Windows\SystemRestore\SR'
+            - '\Windows\Windows Defender\'
+            - '\Windows\BitLocker'
+            - '\Windows\WindowsBackup\'
+            - '\Windows\WindowsUpdate\'
+            - '\Windows\UpdateOrchestrator\'
+            - '\Windows\ExploitGuard'            
     filter:
         UserName|contains:
             - 'AUTHORI'