diff --git a/rules/windows/sysmon/sysmon_susp_regsvr32_anomalies.yml b/rules/windows/sysmon/sysmon_susp_regsvr32_anomalies.yml
index a7d9801d4..b83932055 100644
--- a/rules/windows/sysmon/sysmon_susp_regsvr32_anomalies.yml
+++ b/rules/windows/sysmon/sysmon_susp_regsvr32_anomalies.yml
@@ -20,9 +20,10 @@ detection:
     selection3:
         EventID: 1
         Image: '*\regsvr32.exe'
-        Commandline: '/i:http'
+        Commandline: '*/i:http* scrobj.dll'
     condition: selection1 or selection2 or selection3
 falsepositives:
     - Unknown
 level: high
+
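Review bot: The new value `'*/i:http* scrobj.dll'` is anchored on a literal ` scrobj.dll` at the very end of the command line, so selection3 will not fire when the DLL is passed with a path (the match then requires a space, not a backslash, before `scrobj.dll`), when it appears before the `/i:` switch, or when any further argument follows it; the old single-token value had the opposite problem (no wildcards at all), so the commit fixes one gap and leaves another. `Commandline: '*/i:http*scrobj.dll*'`, or two separate `contains`-style values combined in the condition, keeps the intent without depending on argument order. Separately, the field is still spelled `Commandline` while Sigma's Sysmon Event ID 1 field is `CommandLine`; depending on the backend this may fail to map, so it is worth checking against selection1 and selection2, which lie outside the hunk.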