diff --git a/rules/windows/file_event/file_event_proxy_dropping_executable.yml b/rules/windows/file_event/file_event_proxy_dropping_executable.yml
index 7a5fba9d5..bc7731447 100644
--- a/rules/windows/file_event/file_event_proxy_dropping_executable.yml
+++ b/rules/windows/file_event/file_event_proxy_dropping_executable.yml
@@ -37,7 +37,10 @@ detection:
 - \RdrCEF.exe
 - \mshta.exe
 - \hh.exe
- TargetFilename|endswith: '.exe'
+ TargetFilename|endswith:
+ - '.exe'
+ - '.dll'
+ - '.ocx'
 condition: selection
 falsepositives:
 - Unknown
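Review bot: The widened `TargetFilename|endswith` list now also fires on `.dll` and `.ocx` writes, yet `falsepositives` at the end of the hunk still reads `- Unknown` and no hunk in this diff touches the rule header. The process list begins above the hunk, so this is inferred from the three visible entries, but library writes by such applications are presumably more common in benign activity than `.exe` drops, which leaves an analyst triaging the alert without guidance. I would replace the entry with something like `- Legitimate components of the listed applications writing DLL or OCX files during updates or plugin installation`. If the rule carries a `modified` field and a title or description that mention only executables, those should be updated in the same commit so the metadata matches the new detection scope.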