diff --git a/.github/workflows/goodlog-tests.yml b/.github/workflows/goodlog-tests.yml
index 1a1dbd57b..734452963 100644
--- a/.github/workflows/goodlog-tests.yml
+++ b/.github/workflows/goodlog-tests.yml
@@ -6,7 +6,7 @@ name: Goodlog Tests
 on: [push, pull_request, merge_group, workflow_dispatch]
 
 env:
-  EVTX_BASELINE_VERSION: v0.8.3
+  EVTX_BASELINE_VERSION: v0.8.4
 
 jobs:
   check-baseline-win7:
diff --git a/.github/workflows/known-FPs.csv b/.github/workflows/known-FPs.csv
index 2970a47e2..ad9c7e287 100644
--- a/.github/workflows/known-FPs.csv
+++ b/.github/workflows/known-FPs.csv
@@ -73,6 +73,7 @@ de587dce-915e-4218-aac4-835ca6af6f70;Potential Persistence Attempt Via Run Keys
 8fbf3271-1ef6-4e94-8210-03c2317947f6;Cred Dump Tools Dropped Files;Svchost\.exe
 c7da8edc-49ae-45a2-9e61-9fd860e4e73d;PUA - Sysinternals Tools Execution - Registry;.*
 dcff7e85-d01f-4eb5-badd-84e2e6be8294;Windows Default Domain GPO Modification via GPME;Computer: WIN-FPV0DSIC9O6.sigma.fr
-416bc4a2-7217-4519-8dc7-c3271817f1d5;Suspicious Loading of Dbgcore/Dbghelp DLLs from Uncommon Location;procexp64\.exe
+416bc4a2-7217-4519-8dc7-c3271817f1d5;Suspicious Loading of Dbgcore/Dbghelp DLLs from Uncommon Location;procexp64\.exe
 5a6b7c8d-9e0f-1a2b-3c4d-5e6f7a8b9c0d;Cmd Launched with Hidden Start Flags to Suspicious Targets;xampp
 558eebe5-f2ba-4104-b339-36f7902bcc1a;File Creation Date Changed to Another Year;(\\target\.exe|thm\.wxl|\\AppData\\Local\\Temp\\)
+5e993621-67d4-488a-b9ae-b420d08b96cb;Service Installation in Suspicious Folder;\\\\AppData\\\\Local\\\\Temp\\\\MBAMInstallerService\.exe
diff --git a/.github/workflows/matchgrep.sh b/.github/workflows/matchgrep.sh
index f0e33d545..a9c1b6b6b 100755
--- a/.github/workflows/matchgrep.sh
+++ b/.github/workflows/matchgrep.sh
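Review bot: The removed and added 416bc4a2 rows are character-for-character identical as rendered here, so the change is presumably invisible trailing whitespace or a CR from CRLF line endings; that matters because matchgrep.sh pastes the third column verbatim into a grep -E pattern, so any stray trailing character becomes part of the regex and silently stops the filter from matching. If that was the cause, a `.gitattributes` entry of `*.csv text eol=lf` (or a trailing-whitespace check in the workflow) would keep it from recurring unnoticed. The new 5e993621 entry writes each path separator as `\\\\`, i.e. two literal backslashes, which is the form that matches the JSON-escaped `\\` in the findings, while the 558eebe5 row above uses single `\\`; both match today, but the file now mixes the two conventions and the looser one is the one to tighten when it is next touched.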
@@ -18,14 +18,14 @@ if [[ ! -f ${fps} || ! -r ${fps} ]]; then
 fi
 
 # Exclude all rules with level "low"
-findings=$(grep -v '"RuleLevel":"low"' ${infile})
+findings=$(grep -v '"RuleLevel":"low"' "${infile}")
 {
-  read # Skip CSV header
-  while IFS=\; read -r id name fpstring; do
+  read -r # Skip CSV header
+  while IFS=\; read -r id _name fpstring; do
     findings=$(echo "${findings}" | grep -iEv "\"RuleId\":\"${id}\".*${fpstring}")
   done
-} < ${fps}
+} < "${fps}"
 
 if [[ -z ${findings} ]]; then
   echo "No matches found."
@@ -34,7 +34,7 @@ else
   echo "${findings}" >&2
   echo >&2
   echo "Match overview:"
-  echo ${findings} | jq -c '. | {RuleId, RuleTitle, RuleLevel}' | sort | uniq -c | sort -nr >&2
+  echo "${findings}" | jq -c '. | {RuleId, RuleTitle, RuleLevel}' | sort | uniq -c | sort -nr >&2
   >&2 echo
   >&2 echo "You either need to tune your rule(s) for false positives or add a false positive filter to .github/workflows/known-FPs.csv"
   exit 3
diff --git a/.github/workflows/regression-tests.yml b/.github/workflows/regression-tests.yml
index 97767c04e..f6f519e47 100644
--- a/.github/workflows/regression-tests.yml
+++ b/.github/workflows/regression-tests.yml
@@ -3,7 +3,7 @@ name: Regression Tests
 on: [push, pull_request, workflow_dispatch]
 
 env:
-  EVTX_BASELINE_VERSION: v0.8.3
+  EVTX_BASELINE_VERSION: v0.8.4
 
 jobs:
   true-positive-tests:
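Review bot: The CSV loop still trusts every row it reads: a row whose third column is empty or missing expands the pattern to `"RuleId":"<id>".*`, which suppresses every finding for that rule without any error, and a file saved with CRLF endings leaves a `\r` on `fpstring` that becomes part of the regex and silently disables that filter. With `read -r` now preserving backslashes, these are the remaining ways a filter can misfire with no visible symptom in the job output. I would strip the CR and skip incomplete rows before the grep, `fpstring=${fpstring%$'\r'}` followed by `[[ -z ${id} || -z ${fpstring} ]] && continue`, so that an explicit `.*` row stays the only way to whitelist a whole rule. The enclosing script continues on both sides of this hunk.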
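Review bot: `echo "Match overview:"` is the only message in this branch not redirected to stderr, so the heading lands on stdout while the findings dump, the jq summary on the changed line and the closing hint all go to stderr; anything capturing stdout picks up a stray heading and a reader of the combined log can see it out of order. Changing it to `echo "Match overview:" >&2` brings it in line with its neighbours. The `else` branch this hunk sits in begins before the hunk.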