diff --git a/rules/windows/registry/registry_set/registry_set_asep_reg_keys_modification_currentversion.yml b/rules/windows/registry/registry_set/registry_set_asep_reg_keys_modification_currentversion.yml
index 2704d1bb6..49a451c1d 100644
--- a/rules/windows/registry/registry_set/registry_set_asep_reg_keys_modification_currentversion.yml
+++ b/rules/windows/registry/registry_set/registry_set_asep_reg_keys_modification_currentversion.yml
@@ -23,9 +23,7 @@ detection:
 current_version_keys:
 TargetObject|contains:
 - '\ShellServiceObjectDelayLoad'
- - '\Run\'
- - '\RunOnce\'
- - '\RunOnceEx\'
+ - '\Run' # Covers the following keys: 'Run', 'RunOnce', 'RunServices', 'RunServicesOnce', 'RunOnceEx'
 - '\Policies\System\Shell'
 - '\Policies\Explorer\Run'
 - '\Group Policy\Scripts\Startup'
diff --git a/rules/windows/registry/registry_set/registry_set_asep_reg_keys_modification_wow6432node.yml b/rules/windows/registry/registry_set/registry_set_asep_reg_keys_modification_wow6432node.yml
index 253787b2a..239b5968d 100644
--- a/rules/windows/registry/registry_set/registry_set_asep_reg_keys_modification_wow6432node.yml
+++ b/rules/windows/registry/registry_set/registry_set_asep_reg_keys_modification_wow6432node.yml
@@ -23,9 +23,7 @@ detection:
 wow_current_version_keys:
 TargetObject|contains:
 - '\ShellServiceObjectDelayLoad'
- - '\Run\'
- - '\RunOnce\'
- - '\RunOnceEx\'
+ - '\Run' # Covers the following keys: 'Run', 'RunOnce', 'RunServices', 'RunServicesOnce', 'RunOnceEx'
 - '\Explorer\ShellServiceObjects'
 - '\Explorer\ShellIconOverlayIdentifiers'
 - '\Explorer\ShellExecuteHooks'
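Review bot: The new `'\Run'` entry under `TargetObject|contains` in `current_version_keys` is a bare substring, so it matches every key whose name begins with `Run` below the rule's base path, not only the five keys named in the inline comment. The base selection and any filters are outside this hunk, but if the base is the CurrentVersion path that the file name suggests, routine writes such as `\Explorer\RunMRU` (updated whenever the Run dialog is used) would now match, and the existing `'\Policies\Explorer\Run'` entry becomes redundant. The same applies to the identical hunk for `wow_current_version_keys` in registry_set_asep_reg_keys_modification_wow6432node.yml. Listing the five keys with their trailing backslash, as below, keeps the added RunServices and RunServicesOnce coverage without the prefix match. If the single entry is kept instead, its comment should say that it is a prefix match, and a filter should exclude the known benign keys.

```yaml
      # … unchanged: '\ShellServiceObjectDelayLoad' …
      - '\Run\'
      - '\RunOnce\'
      - '\RunOnceEx\'
      - '\RunServices\'
      - '\RunServicesOnce\'
      # … unchanged: remaining entries of the list …
```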