diff --git a/rules/windows/registry/registry_set/registry_set_disable_winevt_logging.yml b/rules/windows/registry/registry_set/registry_set_disable_winevt_logging.yml
index 452485411..462cceb32 100644
--- a/rules/windows/registry/registry_set/registry_set_disable_winevt_logging.yml
+++ b/rules/windows/registry/registry_set/registry_set_disable_winevt_logging.yml
@@ -3,7 +3,7 @@ id: 2f78da12-f7c7-430b-8b19-a28f269b77a3
 description: Detects tempering with the "Enabled" registry key in order to disable windows logging of a windows event channel
 author: frack113, Nasreddine Bencherchali
 date: 2022/07/04
-modified: 2022/09/08
+modified: 2022/09/19
 status: experimental
 references:
     - https://twitter.com/WhichbufferArda/status/1543900539280293889
@@ -27,6 +27,7 @@ detection:
         TargetObject|contains:
             - '\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-FileInfoMinifilter'
             - '\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-ASN1\'
+            - '\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Kernel-AppCompat\'
     filter_empty: # This filter is related to aurora. Should be removed when fix is deployed. # TODO: Remove later
         Image:
             - ''