diff --git a/rules/windows/image_load/image_load_msdt_sdiageng.yml b/rules/windows/image_load/image_load_msdt_sdiageng.yml
index 157966584..1db0d173d 100644
--- a/rules/windows/image_load/image_load_msdt_sdiageng.yml
+++ b/rules/windows/image_load/image_load_msdt_sdiageng.yml
@@ -13,7 +13,7 @@ detection:
 selection_img:
 Image|endswith: '\msdt.exe'
 selection_load:
- ImageLoaded|endswith: 'sdiageng.dll'
+ ImageLoaded|endswith: '\sdiageng.dll'
 condition: all of selection*
 falsepositives:
 - Unknown
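Review bot: The match value under `selection_load` changes, but the diff for this file has only this one hunk, so if the rule header (above line 13, outside the hunk) carries a `modified:` date, it has not been updated. Sigma convention is to bump that field whenever detection logic changes, so that consumers tracking rule revisions pick up the tightened match. The new `'\sdiageng.dll'` value is consistent with `'\msdt.exe'` in `selection_img` and no longer matches file names that merely end in `sdiageng.dll`. It still matches the DLL in any directory, so a short comment on `selection_load` saying the load path is intentionally not constrained would help the next maintainer.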