diff --git a/rules/windows/process_creation/proc_creation_win_rundll32_parent_explorer.yml b/rules/windows/process_creation/proc_creation_win_rundll32_parent_explorer.yml
index f1b485722..67faacd00 100644
--- a/rules/windows/process_creation/proc_creation_win_rundll32_parent_explorer.yml
+++ b/rules/windows/process_creation/proc_creation_win_rundll32_parent_explorer.yml
@@ -7,7 +7,7 @@ references:
     - https://thedfirreport.com/2022/09/26/bumblebee-round-two/
 author: CD_ROM_
 date: 2022/05/21
-modified: 2022/12/15
+modified: 2022/12/21
 tags:
     - attack.defense_evasion
 logsource:
@@ -18,7 +18,8 @@ detection:
         Image|endswith: '\rundll32.exe'
         ParentImage|endswith: '\explorer.exe'
     filter:
-        CommandLine|contains: ' C:\Windows\System32\' # The space at the start is required
+        - CommandLine|contains: ' C:\Windows\System32\' # The space at the start is required
+        - CommandLine|endswith: ' -localserver 22d8c27b-47a1-48d1-ad08-7da7abd79617' # Windows 10 volume control
     condition: selection and not filter
 fields:
     - Image
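Review bot: The new `CommandLine|endswith: ' -localserver 22d8c27b-47a1-48d1-ad08-7da7abd79617'` entry excludes every explorer-spawned rundll32 whose command line ends with that argument, regardless of which DLL path precedes it, so the exclusion is broader than the single benign Windows 10 volume-control launch it is meant to cover. Since the rule exists to surface rundll32 loading modules from outside System32, it would be tighter to pin the module path in the same list item, e.g. `- CommandLine|contains: '<benign System32 DLL path from the observed event>'` directly under the `endswith` line (Sigma ANDs keys inside one item and ORs the items), or at least extend the comment with the full benign command line this exclusion was derived from. Turning `filter` into a list is correct for an OR, but the change is easy to misread as a single combined condition; a short comment such as `# either item suppresses the match` above the list would help. The `detection:` mapping and its `selection` key begin before this hunk.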