diff --git a/tools/sigma/backends/carbonblack.py b/tools/sigma/backends/carbonblack.py
index bf6207644..9c2eb2245 100644
--- a/tools/sigma/backends/carbonblack.py
+++ b/tools/sigma/backends/carbonblack.py
@@ -127,14 +127,13 @@ class CarbonBlackBackend(SingleTextQueryBackend):
 if ( "1 to" not in new_value):
 new_value = new_value.replace("* ", "*")
 new_value = new_value.replace(" *", "*")
- if ( "(" in new_value or " " in new_value and "1 to" not in new_value):
+ new_value = new_value.replace('"', '\"')
+ # need tuning
+ if (( "(" in new_value or " " in new_value or ")" in new_value or ":" in new_value) and "1 to" not in new_value):
 new_value = '"' + new_value +'"'
-
- # while re.search(r'\\[\/\\\"]',str(new_value)):
- # new_value = re.sub(r'\\\\', r'\\' , new_value)
- # new_value = re.sub(r'\\\/', r'\/' , new_value)
- # new_value = re.sub(r'\\\"', r'\"' , new_value)
- # new_value = re.sub(r"\\\'", r"\'" , new_value)
+ new_value = new_value.replace("(", "\(")
+ new_value = new_value.replace(")", "\)")
+ new_value = new_value.replace(" ", "\ ")
 new_value = new_value.strip()
 if type(value) is list:
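Review bot: The added `new_value = new_value.replace('"', '\"')` is a no-op, because `'\"'` in an ordinary Python string literal is just a double quote. An embedded `"` in a rule value is therefore still emitted unescaped and, once the value is wrapped by `'"' + new_value +'"'`, can close the quoted phrase early and change what the generated Carbon Black query matches; the line should read `new_value = new_value.replace('"', '\\"')`. The three later replacements rely on the invalid escape sequences `"\("`, `"\)"` and `"\ "`, which currently yield a backslash but trigger an invalid-escape warning on current Python versions; raw strings such as `new_value.replace("(", r"\(")` state the intent. Indentation is lost in this view, so it is unclear whether those replacements also run on values that were just wrapped in quotes or on the `1 to` range values the condition excludes; a comment stating the intended order would be more useful than `# need tuning`. The enclosing method starts and ends outside the hunk.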