diff --git a/rules/windows/lateral_movement_incoming_wmi.toml b/rules/windows/lateral_movement_incoming_wmi.toml
index b702779fa..ee7c372a2 100644
--- a/rules/windows/lateral_movement_incoming_wmi.toml
+++ b/rules/windows/lateral_movement_incoming_wmi.toml
@@ -4,7 +4,7 @@ integration = ["endpoint", "windows"]
 maturity = "production"
 min_stack_comments = "New fields added: required_fields, related_integrations, setup"
 min_stack_version = "8.3.0"
-updated_date = "2023/06/22"
+updated_date = "2023/06/30"
 
 [rule]
 author = ["Elastic"]
@@ -37,7 +37,8 @@ sequence by host.id with maxspan = 2s
 [process where host.os.type == "windows" and event.type == "start" and process.parent.name : "WmiPrvSE.exe" and
 not process.args : ("C:\\windows\\temp\\nessus_*.txt", "*C:\\windows\\TEMP\\nessus_*.TMP*",
-"C:\\Windows\\CCM\\SystemTemp\\*",
+"*C:\\Windows\\CCM\\SystemTemp\\*",
+"C:\\Windows\\CCM\\ccmrepair.exe",
 "C:\\Windows\\CCMCache\\*", "C:\\CCM\\Cache\\*")
 ]