fix: apply suggestions from code review

2023-04-25 11:18:59 +02:00
parent ab6f4848ff
commit d024f971de
1 changed files with 2 additions and 2 deletions
@@ -117,10 +117,10 @@ detection:
        TargetImage|endswith: '\winlogon.exe'
        GrantedAccess: '0x1fffff'
    filter_optional_adobe_arm_helper:
-        SourceImage|startswith:  # example path: 'C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\Temp\2092867405\AdobeARMHelper.exe'
+        SourceImage|startswith:  # Example path: 'C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\Temp\2092867405\AdobeARMHelper.exe'
            - 'C:\Program Files\Common Files\Adobe\ARM\'
            - 'C:\Program Files (x86)\Common Files\Adobe\ARM\'
-        SourceImage|endswith: 'AdobeARMHelper.exe'
+        SourceImage|endswith: '\AdobeARMHelper.exe'
        GrantedAcces: '0x1410'
    condition: selection and not 1 of filter_optional_*
 fields: