diff --git a/rules/windows/process_creation/win_susp_control_cve_2021_40444.yml b/rules/windows/process_creation/win_susp_control_cve_2021_40444.yml
index 312b047b7..2a02b7ad7 100644
--- a/rules/windows/process_creation/win_susp_control_cve_2021_40444.yml
+++ b/rules/windows/process_creation/win_susp_control_cve_2021_40444.yml
@@ -20,7 +20,9 @@ detection:
 - '\powerpnt.exe'
 - '\excel.exe'
 filter:
- CommandLine|endswith: '\control.exe input.dll'
+ CommandLine|endswith:
+ - '\control.exe input.dll'
+ - '\control.exe" input.dll'
 condition: selection and not filter
 falsepositives:
 - Unknown
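Review bot: The `filter` block now carries two suffix values, but nothing in the rule says what benign activity they exclude, and `falsepositives` still reads `Unknown`. A comment above `CommandLine|endswith:` such as `# benign: Office parent starting control.exe with the bare argument input.dll, with or without a quoted image path` would let the next maintainer judge the exclusion. Because the match is on command-line text alone, it suppresses every Office-spawned control.exe whose command line ends this way, so it is worth confirming (not visible here) that a bare `input.dll` argument can only resolve to the system copy. The `selection` block starts above the hunk, so the Image condition this filter pairs with is not shown.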