From 8f3542a73ea55d24b63d0fff0cd01bd1c170a81f Mon Sep 17 00:00:00 2001
From: Jonhnathan <jonhnathancesar@gmail.com>
Date: Thu, 15 Oct 2020 15:41:13 -0300
Subject: [PATCH] Update win_mal_wceaux_dll.yml

---
 rules/windows/builtin/win_mal_wceaux_dll.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/rules/windows/builtin/win_mal_wceaux_dll.yml b/rules/windows/builtin/win_mal_wceaux_dll.yml
index df16fe303..e188aa447 100644
--- a/rules/windows/builtin/win_mal_wceaux_dll.yml
+++ b/rules/windows/builtin/win_mal_wceaux_dll.yml
@@ -21,7 +21,7 @@ detection:
             - 4658
             - 4660
             - 4663
-        ObjectName: '*\wceaux.dll'
+        ObjectName|endswith: '\wceaux.dll'
     condition: selection
 falsepositives:
     - Penetration testing