From c310d72e2b462d27db27bb0a892f94cf37500bbd Mon Sep 17 00:00:00 2001
From: Jonhnathan <jonhnathancesar@gmail.com>
Date: Thu, 15 Oct 2020 15:49:39 -0300
Subject: [PATCH] Update win_susp_mshta_execution.yml

---
 rules/windows/builtin/win_susp_mshta_execution.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/rules/windows/builtin/win_susp_mshta_execution.yml b/rules/windows/builtin/win_susp_mshta_execution.yml
index adf95f8cd..cac81fb5b 100644
--- a/rules/windows/builtin/win_susp_mshta_execution.yml
+++ b/rules/windows/builtin/win_susp_mshta_execution.yml
@@ -28,7 +28,7 @@ detection:
             - '.jpg'
             - '.png'
             - '.lnk'
-            # - '*.chm*'  # could be prone to false positives
+            # - '.chm'  # could be prone to false positives
             - '.xls'
             - '.doc'
             - '.zip'