diff --git a/rules/windows/process_creation/win_script_event_consumer_spawn b/rules/windows/process_creation/win_script_event_consumer_spawn.yml
similarity index 97%
rename from rules/windows/process_creation/win_script_event_consumer_spawn
rename to rules/windows/process_creation/win_script_event_consumer_spawn.yml
index 3f7616da4..7c525990e 100644
--- a/rules/windows/process_creation/win_script_event_consumer_spawn
+++ b/rules/windows/process_creation/win_script_event_consumer_spawn.yml
@@ -28,6 +28,7 @@ detection:
             - '\mshta.exe'
             - '\rundll32.exe'
             - '\msiexec.exe'
+            - '\msbuild.exe'
     condition: selection
 fields:
     - CommandLine