diff --git a/rules/windows/process_creation/proc_creation_win_net_use_mount_share.yml b/rules/windows/process_creation/proc_creation_win_net_use_mount_share.yml
index 245cdd378..311a8a250 100644
--- a/rules/windows/process_creation/proc_creation_win_net_use_mount_share.yml
+++ b/rules/windows/process_creation/proc_creation_win_net_use_mount_share.yml
@@ -22,7 +22,7 @@ detection:
 - '\net1.exe'
 CommandLine|contains:
 - ' use '
- - ' \\'
+ - ' \\\\'
 condition: selection
 falsepositives:
 - Legitimate activity by administrators and scripts
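Review bot: The two values under `CommandLine|contains` are OR'ed by Sigma list semantics, so with `condition: selection` the corrected `' \\\\'` item only affects command lines that lack `' use '`, and any `net use` invocation still matches on the first item alone. If the intent is to alert on `net use` together with a UNC path (inferred from the file name; the top of the rule is outside the hunk), the key should be `CommandLine|contains|all:`. The pattern also requires a space directly before the two backslashes, so a UNC path wrapped in double quotes would not match and is worth covering with a test case or a separate selection. A short comment above the item, such as `# '\\\\' is Sigma escaping for a literal \\ (UNC prefix)`, would keep a later edit from reverting the escaping.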