diff --git a/rules/integrations/problemchild/defense_evasion_ml_suspicious_windows_event_high_probability.toml b/rules/integrations/problemchild/defense_evasion_ml_suspicious_windows_event_high_probability.toml
index e4f7721dd..c9d776c0b 100644
--- a/rules/integrations/problemchild/defense_evasion_ml_suspicious_windows_event_high_probability.toml
+++ b/rules/integrations/problemchild/defense_evasion_ml_suspicious_windows_event_high_probability.toml
@@ -2,7 +2,7 @@
 creation_date = "2023/10/16"
 integration = ["problemchild", "endpoint"]
 maturity = "production"
-updated_date = "2025/12/17"
+updated_date = "2026/02/05"

 [rule]
 author = ["Elastic"]
@@ -102,7 +102,14 @@ not (process.name : "opera.exe" and process.parent.name : "opera.exe") and
 not (process.parent.executable : "C:\\Windows\\System32\\svchost.exe" and process.name : ("UCPDMgr.exe", "sdbinst.exe", "gpupdate.exe", "rundll32.exe", "taskhostw.exe", "taskeng.exe", "rdpclip.exe", "firefox.exe", "w3wp.exe")) and
 not process.executable : ("C:\\Program Files\\*.exe", "C:\\Program Files (x86)\\*.exe") and
-not (process.name : "MpCmdRun.exe" and process.parent.name : ("MsMpEng.exe", "MpCmdRun.exe", "svchost.exe"))
+not (process.name : "MpCmdRun.exe" and process.parent.name : ("MsMpEng.exe", "MpCmdRun.exe", "svchost.exe")) and
+not (process.name : "slack.exe" and process.parent.name : "slack.exe") and
+not (process.name : "reg.exe" and process.parent.name : "pycharm64.exe") and
+not (process.name : "reg.exe" and process.parent.name : "rider64.exe") and
+not (process.name : "LogiLuUpdater.exe" and process.parent.name : "LogiOptionsMgr.exe") and
+not (process.name : "chrome.exe" and process.parent.name : "node.exe" and process.command_line : "*playwright*") and
+not (process.name : "powershell.exe" and process.command_line : "*\\Zabbix_Scripts\\*.ps1*") and
+not (process.parent.name : "opera.exe" and process.command_line: "*--type=renderer*")
 '''
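Review bot: The seven new exclusions in the second hunk key only on filename fields (`process.name`, `process.parent.name`) and on unanchored `process.command_line` substrings, so the `powershell.exe` clause suppresses the rule for any PowerShell whose command line merely contains `\Zabbix_Scripts\…ps1`, and the last clause suppresses any child of a process named `opera.exe` that carries `--type=renderer`, with no constraint on the executable's location. The existing `svchost.exe` exclusion in the same hunk shows the stronger pattern by pinning `process.parent.executable` to a full path; the `reg.exe`, `LogiLuUpdater.exe`, Zabbix and Opera clauses would be far harder to hide behind if they likewise constrained `process.executable` or `process.parent.executable` to the expected install directory (use a placeholder such as `"<ZABBIX_AGENT_INSTALL_DIR>\\*.exe"` until the real path is confirmed). Note also that `process.executable : "C:\\Program Files\\*.exe"` is already excluded two lines above, so the new Opera clause only takes effect for browsers installed outside Program Files, i.e. in user-writable locations, which deserves a sentence in the rule's `false_positives` or `note` field. Minor style: `process.command_line: "*--type=renderer*"` drops the space before the colon that every other predicate in the query uses. The query string these lines belong to begins above the hunk.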