From be2ec96dc2ce1f28199faca6ebdc69b66b5e08a2 Mon Sep 17 00:00:00 2001
From: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
Date: Wed, 24 Aug 2022 12:29:54 +0100
Subject: [PATCH] Update file_event_win_susp_vscode_powershell_profile.yml
---
 .../file_event_win_susp_vscode_powershell_profile.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/rules/windows/file_event/file_event_win_susp_vscode_powershell_profile.yml b/rules/windows/file_event/file_event_win_susp_vscode_powershell_profile.yml
index a2a9389e3..f85738a13 100644
--- a/rules/windows/file_event/file_event_win_susp_vscode_powershell_profile.yml
+++ b/rules/windows/file_event/file_event_win_susp_vscode_powershell_profile.yml
@@ -3,7 +3,7 @@ id: 3a9fa2ec-30bc-4ebd-b49e-7c9cff225502
 related:
 - id: b5b78988-486d-4a80-b991-930eff3ff8bf
 type: similar
-status: test
+status: experimental
 description: Detects the creation or modification of a vscode related powershell profile which could indicate suspicious activity as the profile can be used as a mean of persistence
 author: Nasreddine Bencherchali
 references:
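Review bot: The `status: experimental` line lowers the rule's maturity from `test`, and neither the subject line nor the patch says why. Deployments that select rules by status may stop loading this persistence detection after the change, so the commit message should give the reason (for example, that the rule has not yet been validated against real telemetry, if that is the case). The diffstat shows a single changed line, so no date field was touched; if the project expects `modified` to track status changes, it belongs in the same commit. Separately, the unchanged `description` reads `as a mean of persistence`, which should be `as a means of persistence`. The rule continues past `references:` outside the hunk.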