Fix modifier

rules/windows/builtin/security/win_iso_mount.yml

@@ -21,7 +21,7 @@ detection:
         EventID: 4663
         ObjectServer: 'Security'
         ObjectType: 'File'
-        ObjectName|contains: '\Device\CdRom'
+        ObjectName|startswith: '\Device\CdRom'
     filter:
         ObjectName: '\Device\CdRom0\setup.exe'
     condition: selection and not filter

rules/windows/registry/registry_set/registry_set_bypass_uac_using_eventviewer.yml

@@ -16,7 +16,7 @@ detection:
         EventType: SetValue
         TargetObject|endswith: '_Classes\mscfile\shell\open\command\(Default)'
     filter:
-        Details|contains: '%SystemRoot%\system32\mmc.exe "%1" %'
+        Details|startswith: '%SystemRoot%\system32\mmc.exe "%1" %'
     condition: selection and not filter
 falsepositives:
     - Unknown