diff --git a/rules/Suspicious.SysProcAddAutoRun/auto.json b/rules/Suspicious.SysProcAddAutoRun/auto.json
index 8ef0078..a143a70 100644
--- a/rules/Suspicious.SysProcAddAutoRun/auto.json
+++ b/rules/Suspicious.SysProcAddAutoRun/auto.json
@@ -25,6 +25,14 @@
 "action_type": 5,
 "treatment": 0
 }
+ ],
+ "*\\Windows\\Sys?????\\reg.exe": [
+ {
+ "res_path": "*\\Software\\Microsoft\\Windows\\CurrentVersion\\Run*",
+ "montype": 2,
+ "action_type": 5,
+ "treatment": 0
+ }
 ]
 }
 }
\ No newline at end of file
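Review bot: The new `res_path` glob `*\\Software\\Microsoft\\Windows\\CurrentVersion\\Run*` requires `Software` to be immediately followed by `Microsoft`, so a reg.exe write to the 32-bit redirected keys under `HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run*` will not match, and neither will the Group Policy autorun key `...\CurrentVersion\Policies\Explorer\Run`, both of which are common persistence locations. I would add two more objects to the new `reg.exe` array, identical to this one except for `"res_path": "*\\Software\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run*"` and `"res_path": "*\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\Run*"`, assuming the engine matches `*` the same way it does for the existing entries and compares key paths case-insensitively as the registry does. The `Sys?????` wildcard in the process key does cover both System32 and SysWOW64 copies of reg.exe, but a reg.exe copied to another directory, `regedit.exe /s`, or PowerShell `Set-ItemProperty` would still bypass this entry, so it should be treated as one indicator rather than complete autorun coverage. The enclosing top-level object begins before this hunk, so I cannot see whether other process entries already cover those keys.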