diff --git a/rules/windows/image_load/sysmon_in_memory_powershell.yml b/rules/windows/image_load/sysmon_in_memory_powershell.yml
index 4e9ffc39c..4ce1cfee4 100755
--- a/rules/windows/image_load/sysmon_in_memory_powershell.yml
+++ b/rules/windows/image_load/sysmon_in_memory_powershell.yml
@@ -39,6 +39,7 @@ detection:
 - '\Microsoft SQL Server Management Studio *\Common*\IDE\Ssms.exe'
 - '\IDE\devenv.exe'
 - '\ServiceHub.VSDetouredHost.exe'
+ - '\ServiceHub.SettingsHost.exe'
 # User: 'NT AUTHORITY\SYSTEM' # if set, matches all powershell processes not launched by SYSTEM
 condition: selection and not filter
 falsepositives:
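Review bot: The added `'\ServiceHub.SettingsHost.exe'` entry excludes by bare file name only, so any binary carrying that name in any directory would be dropped by `condition: selection and not filter`, whereas the `Ssms.exe` and `devenv.exe` entries in the same list are anchored to part of their install path. If the filter field is a path match (the field line and the start of the `filter` block are outside the hunk), consider anchoring the new entry to the Visual Studio subtree it ships under, in the same way the sibling entries are, e.g. `- '\<vs-install-subdir>\ServiceHub.SettingsHost.exe'` with the real directory filled in. Since the `falsepositives:` section begins right after this hunk, it is worth checking that it already names Visual Studio ServiceHub hosts as an expected source, so readers know why this exclusion exists.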