diff --git a/rules/windows/powershell/powershell_cmdline_specific_comb_methods.yml b/rules/windows/powershell/powershell_cmdline_specific_comb_methods.yml
index 273c0f2ca..8bbb7d5be 100644
--- a/rules/windows/powershell/powershell_cmdline_specific_comb_methods.yml
+++ b/rules/windows/powershell/powershell_cmdline_specific_comb_methods.yml
@@ -17,15 +17,16 @@ logsource:
 detection:
     selection1:
         Image|endswith: '\powershell.exe'
-        CommandLine|all:
-            - '*char*'
-            - '*join*'
+        CommandLine|contains|all:
+            - 'char'
+            - 'join'
     selection2:
         Image|endswith: '\powershell.exe'
         CommandLine|contains:
             - 'ToInt'
             - 'ToDecimal'
             - 'ToByte'
+            - 'ToUint'
             - 'ToSingle'
             - 'ToSByte'
     selection3:
@@ -36,14 +37,14 @@ detection:
             - 'String'
     selection4:
         Image|endswith: '\powershell.exe'
-        CommandLine|all:
-            - '*split*'
-            - '*join*'
+        CommandLine|contains|all:
+            - 'split'
+            - 'join'
     selection5:
         Image|endswith: '\powershell.exe'
-        CommandLine|all:
-            - '*ForEach*'
-            - '*Xor*'
+        CommandLine|contains|all:
+            - 'ForEach'
+            - 'Xor'
     selection6:
         Image|endswith: '\powershell.exe'
         CommandLine|contains:
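Review bot: The `'char'`/`'join'` pair in selection1 stays very broad after the switch to `contains|all`: Sigma `contains` is a case-insensitive substring match, so `char` also hits values such as `-Charset` or any path containing those letters, and `join` alone matches `Join-Path`, which both occur in benign administrative scripts. If the intended pattern is the `[char]` cast-and-join obfuscation idiom, anchoring the values as `- '[char]'` and `- '-join'` would keep the detection while cutting noise, provided the `[string]::Join(...)` form does not also need to be covered; the same broadness applies to the `split`/`join` and `ForEach`/`Xor` pairs in selection4 and selection5 in the second hunk. The `detection` block and its `condition` line continue outside both hunks, so the overall false-positive impact depends on how the selections are combined there.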