diff --git a/rules/windows/process_creation/proc_creation_win_susp_wermgr.yml b/rules/windows/process_creation/proc_creation_win_susp_wermgr.yml
index cbff1f31f..ff0222ff4 100644
--- a/rules/windows/process_creation/proc_creation_win_susp_wermgr.yml
+++ b/rules/windows/process_creation/proc_creation_win_susp_wermgr.yml
@@ -8,7 +8,7 @@ references:
     - https://github.com/binderlabs/DirCreate2System
 author: Florian Roth
 date: 2022/10/14
-modified: 2022/12/04
+modified: 2023/02/06
 logsource:
     category: process_creation
     product: windows
@@ -31,6 +31,7 @@ detection:
             Image|contains:
                 - 'C:\Windows\System32\'
                 - 'C:\Windows\SysWOW64\'
+                - 'C:\Windows\WinSxS\'
     condition: 1 of selection_susp* or (selection_img and not filter_img_location)
 falsepositives:
     - Unknown
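Review bot: The new `'C:\Windows\WinSxS\'` entry widens the filter_img_location exclusion, yet the rule still lists `falsepositives: - Unknown`, so nothing in the rule records why an image under that directory is trusted; add an entry such as `- Legitimate wermgr.exe launched from the WinSxS component store` so a maintainer can tell what the exclusion covers and when it can be revisited. Because the filter uses `Image|contains`, the new string matches anywhere in the image path rather than only as a prefix; that is consistent with the two existing entries, but `Image|startswith` would pin all three exclusions to the real install locations if the filter is revised later. The filter_img_location block and the selection_img it is combined with in the condition both start above the hunk.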