diff --git a/rules/windows/builtin/security/win_iso_mount.yml b/rules/windows/builtin/security/win_iso_mount.yml
index 1c5af2056..a0643396a 100644
--- a/rules/windows/builtin/security/win_iso_mount.yml
+++ b/rules/windows/builtin/security/win_iso_mount.yml
@@ -21,7 +21,7 @@ detection:
 EventID: 4663
 ObjectServer: 'Security'
 ObjectType: 'File'
- ObjectName|contains: '\Device\CdRom'
+ ObjectName|startswith: '\Device\CdRom'
 filter:
 ObjectName: '\Device\CdRom0\setup.exe'
 condition: selection and not filter
diff --git a/rules/windows/registry/registry_set/registry_set_bypass_uac_using_eventviewer.yml b/rules/windows/registry/registry_set/registry_set_bypass_uac_using_eventviewer.yml
index 0fac88f33..6fcac7a54 100644
--- a/rules/windows/registry/registry_set/registry_set_bypass_uac_using_eventviewer.yml
+++ b/rules/windows/registry/registry_set/registry_set_bypass_uac_using_eventviewer.yml
@@ -16,7 +16,7 @@ detection:
 EventType: SetValue
 TargetObject|endswith: '_Classes\mscfile\shell\open\command\(Default)'
 filter:
- Details|contains: '%SystemRoot%\system32\mmc.exe "%1" %'
+ Details|startswith: '%SystemRoot%\system32\mmc.exe "%1" %'
 condition: selection and not filter
 falsepositives:
 - Unknown
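Review bot: The `filter` two lines below the changed `ObjectName|startswith: '\Device\CdRom'` still excludes only the exact path `\Device\CdRom0\setup.exe`, so the selection now deliberately covers every CdRom device index while the false-positive exclusion covers just index 0; the same benign installer on a second mounted image would not be filtered. If the exclusion is meant generically for setup.exe on mounted media, align it with the selection, e.g. `ObjectName|startswith: '\Device\CdRom'` plus `ObjectName|endswith: '\setup.exe'` under `filter:`; if only CdRom0 is intended, a one-line comment above the filter stating why would prevent the next reader from "fixing" it. The `selection` mapping these three context lines belong to starts above the hunk, so I cannot confirm whether any other field already narrows it.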
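Review bot: Switching the `Details` filter to `startswith` still excludes any value that merely begins with the legitimate mmc.exe command line, since `startswith` places no constraint on what follows `"%1" %`; `contains` had the same gap, so the tightening does not close it for a tampered value that keeps the expected prefix. If the trailing `%` is the start of the default `%*` with the `*` dropped to avoid Sigma's wildcard, an exact match with the wildcard escaped, `Details: '%SystemRoot%\system32\mmc.exe "%1" %\*'`, would keep the benign-default exclusion without also excluding appended content; please confirm the exact default value for the `mscfile` command on the OS versions in scope before pinning it. A short comment on the filter line recording that the value is the OS default would also make the intent of the exclusion clear to future maintainers.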