diff --git a/.github/workflows/known-FPs.csv b/.github/workflows/known-FPs.csv
index 37227c5c3..5a309c5e7 100644
--- a/.github/workflows/known-FPs.csv
+++ b/.github/workflows/known-FPs.csv
@@ -52,3 +52,5 @@ b69888d4-380c-45ce-9cf9-d9ce46e67821;Executable in ADS;7z\.exe
 65236ec7-ace0-4f0c-82fd-737b04fd4dcb;EVTX Created In Uncommon Location;powershell\.exe
 a62b37e0-45d3-48d9-a517-90c1a1b0186b;Eventlog Cleared;Computer: DESKTOP-A8CALR3
 a62b37e0-45d3-48d9-a517-90c1a1b0186b;Eventlog Cleared;Computer: WIN-06FB45IHQ35
+4eec988f-7bf0-49f1-8675-1e6a510b3a2a;Potential PendingFileRenameOperations Tamper;target\.exe
+4eec988f-7bf0-49f1-8675-1e6a510b3a2a;Potential PendingFileRenameOperations Tamper;target\.tmp
diff --git a/rules/windows/registry/registry_set/registry_set_susp_pendingfilerenameoperations.yml b/rules/windows/registry/registry_set/registry_set_susp_pendingfilerenameoperations.yml
index fd4396ec6..aba450b50 100644
--- a/rules/windows/registry/registry_set/registry_set_susp_pendingfilerenameoperations.yml
+++ b/rules/windows/registry/registry_set/registry_set_susp_pendingfilerenameoperations.yml
@@ -25,7 +25,7 @@ detection:
 - '\AppData\Local\Temp\'
 - '\Users\Public\'
 selection_susp_images:
- - Image|endswith:
+ Image|endswith:
 - '\reg.exe'
 - '\regedit.exe'
 condition: selection_main and 1 of selection_susp_*
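Review bot: The two new suppressions for rule 4eec988f are unanchored regexes, `target\.exe` and `target\.tmp`, so if this column is matched against the field that triggered the rule they will also hide any later CI match whose path merely contains that filename stem, not just the test event they were added for. The `\.` escaping suggests the third column is treated as a regex, so a more specific pattern such as the full path of the triggering test event would keep the suppression tied to that one case. How the CSV is consumed by the workflow is not visible in this diff, so this is worth confirming against the FP-check script before tightening.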
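Review bot: Replacing the one-element list form `- Image|endswith:` with the bare map `Image|endswith:` does not change what the rule matches as far as the Sigma specification goes (a list of maps is OR'd, and a single map is identical to the bare map), so this hunk is a normalisation for the validators rather than a logic fix, and the commit should say so. More importantly, `selection_susp_images` only names `\reg.exe` and `\regedit.exe`, so a PendingFileRenameOperations write made through PowerShell's registry provider, a dropper calling the registry API directly, or a renamed copy of reg.exe is caught only if the sibling `selection_susp_*` path list (whose key begins above this hunk) also matches; a short comment on the selection would make that coverage limit explicit, e.g. `# Only direct reg.exe/regedit.exe use is covered here; other writers rely on the path selection above`. The `detection:` block and its `falsepositives`/`description` metadata lie outside this hunk, so the limitation may already be documented there — worth checking before adding.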