diff --git a/rules/windows/builtin/security/win_security_susp_sdelete.yml b/rules/windows/builtin/security/win_security_sdelete_potential_secure_deletion.yml
similarity index 76%
rename from rules/windows/builtin/security/win_security_susp_sdelete.yml
rename to rules/windows/builtin/security/win_security_sdelete_potential_secure_deletion.yml
index 4700f5316..23923fcb3 100644
--- a/rules/windows/builtin/security/win_security_susp_sdelete.yml
+++ b/rules/windows/builtin/security/win_security_sdelete_potential_secure_deletion.yml
@@ -1,14 +1,14 @@
-title: Secure Deletion with SDelete
+title: Potential Secure Deletion with SDelete
 id: 39a80702-d7ca-4a83-b776-525b1f86a36d
 status: test
-description: Detects renaming of file while deletion with SDelete tool.
+description: Detects files that have extensions commonly seen while SDelete is used to wipe files.
 references:
 - https://jpcertcc.github.io/ToolAnalysisResultSheet/details/sdelete.htm
 - https://www.jpcert.or.jp/english/pub/sr/ir_research.html
 - https://learn.microsoft.com/en-gb/sysinternals/downloads/sdelete
 author: Thomas Patzke
 date: 2017-06-14
-modified: 2021-11-27
+modified: 2024-12-13
 tags:
 - attack.impact
 - attack.defense-evasion
@@ -32,4 +32,5 @@ detection:
 condition: selection
 falsepositives:
 - Legitimate usage of SDelete
+ - Files that are interacted with that have these extensions legitimately
 level: medium
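Review bot: The new description no longer says what the rule actually keys on, so an analyst triaging the alert has to open the selection (which is outside this hunk) to learn which extensions are meant and why they indicate wiping. The old wording at least conveyed that the signal is the rename pass SDelete performs before deletion, which the JPCERT references describe; I would keep that, e.g. `description: Detects file names carrying the rotating extension pattern SDelete applies when renaming a file repeatedly before wiping it (see the JPCERT analysis); this matches the artefact, not the sdelete.exe process itself.` Since the rule sits under builtin/security, the matched events presumably depend on object-access auditing (SACLs) being configured on the monitored paths — if that holds, a short sentence in the description saying so would tell deployers why the rule may stay silent, and would explain why the title is now only "Potential".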
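Review bot: The added false-positive entry reads awkwardly and still does not say what is being matched; suggest `- Legitimate files or tools that happen to use the same extensions SDelete applies while wiping`. The title was softened to "Potential" and a broad, extension-only false-positive source was added in the same commit, yet `level: medium` is left unchanged; if the extension match is the rule's only selection (the detection block is outside this hunk), either lower the level to `low` or add a sentence to the description explaining why medium is still justified, so the severity and the caveats agree.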