diff --git a/rules/windows/process_creation/proc_creation_win_lolbin_pktmon.yml b/rules/windows/process_creation/proc_creation_win_lolbin_pktmon.yml
index a22ebc7ad..5497cd382 100644
--- a/rules/windows/process_creation/proc_creation_win_lolbin_pktmon.yml
+++ b/rules/windows/process_creation/proc_creation_win_lolbin_pktmon.yml
@@ -6,6 +6,7 @@ references:
     - https://lolbas-project.github.io/lolbas/Binaries/Pktmon/
 author: frack113
 date: 2022/03/17
+modified: 2023/01/31
 tags:
     - attack.credential_access
     - attack.t1040
@@ -14,7 +15,7 @@ logsource:
     product: windows
 detection:
     selection:
-        - Image|endswith: 'PktMon.exe'
+        - Image|endswith: '\pktmon.exe'
         - OriginalFileName: 'PktMon.exe'
     condition: selection
 falsepositives:
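Review bot: The selection still has no CommandLine criterion, so after this change every start of pktmon.exe matches, and routine troubleshooting by an administrator is indistinguishable from a capture being started; if that breadth is intended, the `falsepositives:` block that begins on the hunk's last line should state it explicitly (its content continues outside the hunk). The added `\` in the `Image|endswith` value is the right fix: it anchors the match to the file name, so a differently named binary whose name merely ends in the old string (e.g. a constructed `xpktmon.exe`) no longer matches, and Sigma's case-insensitive string matching means the lower-cased value behaves the same as before. The two entries under `selection:` are a list of maps, which Sigma evaluates as alternatives, so a renamed copy is still caught through `OriginalFileName`; a comment such as `# two alternatives (OR): image file name, or PE OriginalFileName for renamed copies` above the first entry would make that intent clear to maintainers.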