diff --git a/rules/windows/persistence_via_application_shimming.toml b/rules/windows/persistence_via_application_shimming.toml
index 12a8283aa..05665376e 100644
--- a/rules/windows/persistence_via_application_shimming.toml
+++ b/rules/windows/persistence_via_application_shimming.toml
@@ -3,7 +3,7 @@ creation_date = "2020/02/18"
 maturity = "production"
 min_stack_comments = "New fields added: required_fields, related_integrations, setup"
 min_stack_version = "8.3.0"
-updated_date = "2022/09/15"
+updated_date = "2022/10/13"
 [rule]
 author = ["Elastic"]
@@ -29,7 +29,9 @@ timestamp_override = "event.ingested"
 type = "eql"
 query = '''
-process where event.type == "start" and process.name : "sdbinst.exe"
+process where event.type == "start" and process.name : "sdbinst.exe" and
+ not (process.args : "-m" and process.args : "-bg") and
+ not process.args : "-mm"
 '''
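Review bot: The two new exclusions in the second hunk key only on process.args, so any sdbinst.exe start whose argument vector contains the literal `-mm`, or both `-m` and `-bg`, drops out of the rule regardless of which .sdb file is being installed or what launched it, which widens the coverage gap beyond the false positive being suppressed. If these argument combinations correspond to a specific legitimate caller (the commit gives no rationale), scope the carve-out to that caller as well, for instance by additionally requiring a `process.parent.name` match inside the `not (...)` group, rather than to the flags alone. The reason for excluding `-m -bg` and `-mm` should also be recorded in the rule itself, in its description or investigation note, since neither flag is self-explanatory and the next reviewer cannot tell an intentional false-positive fix from an over-broad suppression. The hunk's trailing context after the closing `'''` (the header counts seven old lines, four are visible here) lies outside this view.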