diff --git a/rules/windows/file_event/sysmon_uac_bypass_ieinstal.yml b/rules/windows/file_event/sysmon_uac_bypass_ieinstal.yml
index 6e61f089b..9ba625f05 100644
--- a/rules/windows/file_event/sysmon_uac_bypass_ieinstal.yml
+++ b/rules/windows/file_event/sysmon_uac_bypass_ieinstal.yml
@@ -20,5 +20,6 @@ detection:
 selection:
 Image: 'C:\Program Files\Internet Explorer\IEInstal.exe'
 TargetFilename|startswith: 'C:\Users\'
-TargetFilename|endswith: '\AppData\Local\Temp\IDC1.tmp\[1]consent.exe'
+TargetFilename|contains: '\AppData\Local\Temp\'
+TargetFilename|endswith: 'consent.exe'
 condition: selection
diff --git a/rules/windows/process_creation/win_uac_bypass_ieinstal.yml b/rules/windows/process_creation/win_uac_bypass_ieinstal.yml
index a6458810b..7c734ccf6 100644
--- a/rules/windows/process_creation/win_uac_bypass_ieinstal.yml
+++ b/rules/windows/process_creation/win_uac_bypass_ieinstal.yml
@@ -22,5 +22,6 @@ detection:
 - 'High'
 - 'System'
 ParentImage|endswith: '\ieinstal.exe'
-Image|endswith: '\AppData\Local\Temp\IDC1.tmp\[1]consent.exe'
+Image|contains: '\AppData\Local\Temp\'
+Image|endswith: 'consent.exe'
 condition: selection
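Review bot: The new `TargetFilename|endswith: 'consent.exe'` line (and the matching `Image|endswith: 'consent.exe'` in the process_creation hunk) has no leading path separator, so it matches any file name that merely ends in consent.exe, not only `consent.exe` and the `[1]consent.exe` name the removed line targeted; that looks deliberate, since `'\consent.exe'` would no longer match the `[1]`-prefixed sample, but nothing in the rule says so. Add a comment above that line, e.g. `# no leading '\' on purpose: the dropped binary has been observed as '[1]consent.exe'`, so a later tightening does not silently drop the known case. Replacing the fixed `\IDC1.tmp\` folder with `contains: '\AppData\Local\Temp\'` widens the match to any Temp subfolder, which appears to be the intent and is worth a sentence in the rule's description. The rule header, including any `modified:` date, lies outside both hunks; since the detection logic changed, confirm it is updated.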