diff --git a/rules/windows/builtin/win_dce_rpc_smb_spoolss_named_pipe.yml b/rules/windows/builtin/win_dce_rpc_smb_spoolss_named_pipe.yml
index 040b921f8..bfdf33367 100644
--- a/rules/windows/builtin/win_dce_rpc_smb_spoolss_named_pipe.yml
+++ b/rules/windows/builtin/win_dce_rpc_smb_spoolss_named_pipe.yml
@@ -17,7 +17,7 @@ logsource:
 detection:
     selection:
         EventID: 5145
-        ShareName: \\*\IPC$
+        ShareName: \\\*\IPC$
         RelativeTargetName: spoolss
     condition: selection
 falsepositives: