diff --git a/rules/windows/powershell/powershell_code_injection.yml b/rules/windows/powershell/powershell_code_injection.yml
index aa90fe428..47d220c50 100644
--- a/rules/windows/powershell/powershell_code_injection.yml
+++ b/rules/windows/powershell/powershell_code_injection.yml
@@ -2,7 +2,7 @@ title: Accessing WinAPI in PowerShell. Code Injection.
 id: eeb2e3dc-c1f4-40dd-9bd5-149ee465ad50
 status: experimental
 description: Detecting Code injection with PowerShell in another process
-author: Nikita Nazarov
+author: Nikita Nazarov, oscd.community
 date: 2020/10/06
 references:
     - https://speakerdeck.com/heirhabarov/hunting-for-powershell-abuse
@@ -17,7 +17,7 @@ detection:
     selection:
         EventID:
             - 8
-        SourceImage: '*\powershell.exe'
+        SourceImage|endswith: '\powershell.exe'
     condition: selection
 falsepositives:
     - Unknown