diff --git a/rules/windows/persistence_suspicious_com_hijack_registry.toml b/rules/windows/persistence_suspicious_com_hijack_registry.toml
index 927614a43..d995fc89f 100644
--- a/rules/windows/persistence_suspicious_com_hijack_registry.toml
+++ b/rules/windows/persistence_suspicious_com_hijack_registry.toml
@@ -2,7 +2,7 @@
 creation_date = "2020/11/18"
 integration = ["endpoint"]
 maturity = "production"
-updated_date = "2024/09/05"
+updated_date = "2026/01/29"
 
 [rule]
 author = ["Elastic"]
@@ -98,7 +98,8 @@ registry where host.os.type == "windows" and event.type == "change" and
 "HKEY_USERS\\*\\LocalServer32\\",
 "HKEY_USERS\\*\\DelegateExecute",
 "HKEY_USERS\\*\\TreatAs\\",
-"HKEY_USERS\\*\\ScriptletURL*"
+"HKEY_USERS\\*\\ScriptletURL*",
+"HKEY_USERS\\*\\TypeLib*\\Win*"
 ) and not registry.data.strings : (
 /* COM related to Windows Spotlight feature */