Fixing indentation

SigmaHQ · Dec 26, 2024 · 95d9ade · 95d9ade
1 parent 0bc42f0
commit 95d9ade
Showing 1 changed file with 4 additions and 4 deletions.
diff --git a/rules/windows/builtin/code_integrity/win_codeintegrity_attempted_dll_load.yml b/rules/windows/builtin/code_integrity/win_codeintegrity_attempted_dll_load.yml
@@ -110,11 +110,11 @@ detection:
     filter_optional_kaspersky:
         # Example: \Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security for Windows\x64\antimalware_provider.dll
         - ProcessNameBuffer|contains|all:
-            - '\Kaspersky Lab\'
-            - '\avp.exe'
+              - '\Kaspersky Lab\'
+              - '\avp.exe'
         - FileNameBuffer|contains|all:
-            - '\Kaspersky Lab\'
-            - '\antimalware_provider.dll'
+              - '\Kaspersky Lab\'
+              - '\antimalware_provider.dll'
     condition: selection and not 1 of filter_main_* and not 1 of filter_optional_*
 falsepositives:
     - Antivirus and other third party products are known to trigger this rule quite a lot. Initial filters and tuning is required before using this rule.